rpm package
suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (425)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27027 | — | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_xa_ref_*_del() for multiple registrations Currently, if there are multiple registrations of the same pin on the same dpll device, following warnings are observed: WARNING: CPU: 5 PID: 2212 at dri | ||
| CVE-2024-27022 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole | |
| CVE-2024-27013 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe | |
| CVE-2024-27004 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40e | |
| CVE-2024-26993 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn | |
| CVE-2024-26988 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extr | |
| CVE-2024-26982 | Hig | 7.1 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an in | |
| CVE-2024-26973 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must | |
| CVE-2024-26961 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. | |
| CVE-2024-26960 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was runni | |
| CVE-2024-26958 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at | |
| CVE-2024-26951 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list wit | |
| CVE-2024-26950 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get | |
| CVE-2024-26937 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request t | |
| CVE-2024-26935 | Med | 5.5 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a | |
| CVE-2024-26934 | Hig | 7.8 | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l | |
| CVE-2024-27014 | — | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if | ||
| CVE-2024-27008 | — | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) | ||
| CVE-2024-27003 | — | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clk_summary through debugfs. Failure to do so | ||
| CVE-2024-27002 | — | < 1-150600.13.3.7 | 1-150600.13.3.7 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_loc |
- CVE-2024-27027May 1, 2024affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_xa_ref_*_del() for multiple registrations Currently, if there are multiple registrations of the same pin on the same dpll device, following warnings are observed: WARNING: CPU: 5 PID: 2212 at dri
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40e
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extr
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an in
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period.
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was runni
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list wit
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request t
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a
- affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l
- CVE-2024-27014May 1, 2024affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if
- CVE-2024-27008May 1, 2024affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or)
- CVE-2024-27003May 1, 2024affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clk_summary through debugfs. Failure to do so
- CVE-2024-27002May 1, 2024affected < 1-150600.13.3.7fixed 1-150600.13.3.7
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_loc
Page 15 of 22