rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (834)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52472 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in | ||
| CVE-2024-26601 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on cod | ||
| CVE-2023-52458 | Med | 5.5 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If th | |
| CVE-2023-52435 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can | ||
| CVE-2024-25739 | Med | 5.5 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 12, 2024 | create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. | |
| CVE-2024-25741 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 12, 2024 | printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | ||
| CVE-2024-24861 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Feb 5, 2024 | A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. | ||
| CVE-2024-22099 | Med | 6.3 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jan 25, 2024 | NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. | |
| CVE-2024-23848 | Med | 5.5 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jan 23, 2024 | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | |
| CVE-2024-0639 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jan 17, 2024 | A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. | ||
| CVE-2023-51780 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Dec 25, 2023 | An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. | ||
| CVE-2023-7042 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Dec 21, 2023 | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | ||
| CVE-2023-6238 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Nov 21, 2023 | A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing r | ||
| CVE-2023-0160 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jul 18, 2023 | A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. |
- CVE-2023-52472Feb 25, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in
- CVE-2024-26601Feb 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on cod
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: block: add check that partition length needs to be aligned with block size Before calling add partition or resize partition, there is no check on whether the length is aligned with the logical block size. If th
- CVE-2023-52435Feb 20, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
- CVE-2024-25741Feb 12, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
- CVE-2024-24861Feb 5, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
- CVE-2024-0639Jan 17, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
- CVE-2023-51780Dec 25, 2023affected < 1-150600.1.5.1fixed 1-150600.1.5.1
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
- CVE-2023-7042Dec 21, 2023affected < 1-150600.1.5.1fixed 1-150600.1.5.1
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
- CVE-2023-6238Nov 21, 2023affected < 1-150600.1.5.1fixed 1-150600.1.5.1
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing r
- CVE-2023-0160Jul 18, 2023affected < 1-150600.1.5.1fixed 1-150600.1.5.1
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
Page 42 of 42