rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_2&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (428)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41066 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = | ||
| CVE-2024-41065 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled | ||
| CVE-2024-41064 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a cop | ||
| CVE-2024-41063 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destro | ||
| CVE-2024-41062 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection | ||
| CVE-2024-41061 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for | ||
| CVE-2024-41060 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. | ||
| CVE-2024-41059 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x | ||
| CVE-2024-41058 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: sl | ||
| CVE-2024-41057 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: | ||
| CVE-2024-41056 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin | ||
| CVE-2024-41051 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when t | ||
| CVE-2024-41050 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: | ||
| CVE-2024-41049 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was ad | ||
| CVE-2024-41048 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm | ||
| CVE-2024-41045 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, f | ||
| CVE-2024-41044 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual | ||
| CVE-2024-41041 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a | ||
| CVE-2024-41040 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta | ||
| CVE-2024-41039 | — | < 1-150600.1.3.2 | 1-150600.1.3.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw |
- CVE-2024-41066Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] =
- CVE-2024-41065Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled
- CVE-2024-41064Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a cop
- CVE-2024-41063Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destro
- CVE-2024-41062Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection
- CVE-2024-41061Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for
- CVE-2024-41060Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it.
- CVE-2024-41059Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x
- CVE-2024-41058Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: sl
- CVE-2024-41057Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN:
- CVE-2024-41056Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin
- CVE-2024-41051Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. The cachefiles_object may be freed when t
- CVE-2024-41050Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below:
- CVE-2024-41049Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was ad
- CVE-2024-41048Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm
- CVE-2024-41045Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, f
- CVE-2024-41044Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual
- CVE-2024-41041Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a
- CVE-2024-41040Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta
- CVE-2024-41039Jul 29, 2024affected < 1-150600.1.3.2fixed 1-150600.1.3.2
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw
Page 14 of 22