VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6-RT_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (268)

  • CVE-2024-49944MedOct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever

  • CVE-2024-49894HigOct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index

  • CVE-2024-49884HigOct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_ext

  • CVE-2024-49883HigOct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF

  • CVE-2024-49989Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double

  • CVE-2024-49987Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: net.c:827:2: runti

  • CVE-2024-49983Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the 'ppath' is updated but it is the 'path' that is freed, thus p

  • CVE-2024-49976Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing of kth

  • CVE-2024-49975Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_R

  • CVE-2024-49968Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the m

  • CVE-2024-49959Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while

  • CVE-2024-49945Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

  • CVE-2024-49934Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: --

  • CVE-2024-49933Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is

  • CVE-2024-49925Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA

  • CVE-2024-49923Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags [WHAT & HOW] "dcn20_validate_apply_pipe_split_flags" dereferences merge, and thus it cannot be a null pointer. Let's pass a valid pointer

  • CVE-2024-49922Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before using them [WHAT & HOW] These pointers are null checked previously in the same function, indicating they might be null as reported by Coverity. As a result, they need

  • CVE-2024-49921Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointers before used [WHAT & HOW] Poniters, such as dc->clk_mgr, are null checked previously in the same function, so Coverity warns "implies that "dc->clk_mgr" might be null". As a

  • CVE-2024-49913Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream This commit addresses a null pointer dereference issue in the `commit_planes_for_stream` function at line 4140. The issue coul

  • CVE-2024-49912Oct 21, 2024
    affected < 1-150600.1.3.1fixed 1-150600.1.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' This commit adds a null check for 'stream_status' in the function 'planes_changed_for_existing_stream'. Previously, the code

Page 11 of 14