suse/kernel-livepatch-SLE15-SP6-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP6

Vulnerabilities (834)

• CVE-2024-38622Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this po

• CVE-2024-38621Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. Wh

• CVE-2024-38390Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev,

• CVE-2024-38388Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroy

• CVE-2024-36478Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -

• CVE-2024-36281Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules rx_create no longer allocates a modify_hdr instance that needs to be cleaned up. The mlx5_modify_header_dealloc call will lead to a NU

• CVE-2024-33619Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally.

• CVE-2023-52884Jun 21, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system

• CVE-2023-52883Jun 20, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update.

• CVE-2024-38619MedJun 20, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and a

• CVE-2024-38615MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't pre

• CVE-2024-38599HigJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the x

• CVE-2024-38598MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU

• CVE-2024-38587MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got o

• CVE-2024-38579MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key

• CVE-2024-38578HigJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for t

• CVE-2024-38567MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a sp

• CVE-2024-38565MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper e

• CVE-2024-38558MedJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary pack

• CVE-2024-38552HigJun 19, 2024
  affected < 1-150600.1.5.1fixed 1-150600.1.5.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the num