VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6-RT_Update_0&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (91)

  • CVE-2024-57893Jan 15, 2025
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal

  • CVE-2024-57882Jan 15, 2025
    affected < 12-150600.3.1fixed 12-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-dere

  • CVE-2024-57793Jan 11, 2025
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting mem

  • CVE-2024-56664Dec 27, 2024
    affected < 19-150600.3.1fixed 19-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditiona

  • CVE-2024-56650Dec 27, 2024
    affected < 14-150600.3.1fixed 14-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by ta

  • CVE-2024-56605Dec 27, 2024
    affected < 17-150600.3.1fixed 17-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk o

  • CVE-2024-56601Dec 27, 2024
    affected < 17-150600.3.1fixed 17-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock o

  • CVE-2024-56600Dec 27, 2024
    affected < 13-150600.3.1fixed 13-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the

  • CVE-2024-56582Dec 27, 2024
    affected < 17-150600.3.1fixed 17-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstests' btrfs/284 on a TCMU runner device:

  • CVE-2024-56558Dec 27, 2024
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to

  • CVE-2024-53166HigDec 27, 2024
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the loc

  • CVE-2024-53237Dec 27, 2024
    affected < 14-150600.3.1fixed 14-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605

  • CVE-2024-53214Dec 27, 2024
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID great

  • CVE-2024-53208Dec 27, 2024
    affected < 17-150600.3.1fixed 17-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_power

  • CVE-2024-53173Dec 27, 2024
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs

  • CVE-2024-53156Dec 24, 2024
    affected < 15-150600.3.1fixed 15-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255

  • CVE-2024-53146Dec 24, 2024
    affected < 18-150600.3.1fixed 18-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that

  • CVE-2024-53125Dec 4, 2024
    affected < 19-150600.3.1fixed 19-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set:

  • CVE-2024-53104KEVDec 2, 2024
    affected < 10-150600.3.1fixed 10-150600.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra

  • CVE-2024-8805Nov 22, 2024
    affected < 14-150600.3.1fixed 14-150600.3.1

    BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific

Page 2 of 5