rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (834)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36479 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t | ||
| CVE-2024-35247 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t | ||
| CVE-2024-39291 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using t | ||
| CVE-2024-38664 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before | ||
| CVE-2024-38663 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't re | ||
| CVE-2024-38384 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ | ||
| CVE-2024-38780 | Med | 5.5 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_ir | |
| CVE-2024-36477 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As su | ||
| CVE-2024-34777 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KAS | ||
| CVE-2024-39277 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in | ||
| CVE-2024-38659 | Hig | 7.1 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA | |
| CVE-2024-38635 | Hig | 7.1 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an o | |
| CVE-2024-38381 | Hig | 7.1 | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and | |
| CVE-2024-38636 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support wi | ||
| CVE-2024-38634 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time o | ||
| CVE-2024-38633 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after | ||
| CVE-2024-38630 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() | ||
| CVE-2024-38629 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, | ||
| CVE-2024-38628 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks. | ||
| CVE-2024-38627 | — | < 1-150600.1.5.1 | 1-150600.1.5.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. |
- CVE-2024-36479Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t
- CVE-2024-35247Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t
- CVE-2024-39291Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using t
- CVE-2024-38664Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before
- CVE-2024-38663Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't re
- CVE-2024-38384Jun 24, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_ir
- CVE-2024-36477Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As su
- CVE-2024-34777Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KAS
- CVE-2024-39277Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an o
- affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and
- CVE-2024-38636Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support wi
- CVE-2024-38634Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time o
- CVE-2024-38633Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after
- CVE-2024-38630Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer()
- CVE-2024-38629Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore,
- CVE-2024-38628Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks.
- CVE-2024-38627Jun 21, 2024affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
Page 7 of 42