VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (425)

  • CVE-2024-26844Apr 17, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. The reason is that syzcaller managed to generate a request wit

  • CVE-2024-26836Apr 17, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested

  • CVE-2024-26832Apr 17, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not inva

  • CVE-2024-26822Apr 17, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll

  • CVE-2024-26816MedApr 10, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is us

  • CVE-2024-26815Apr 10, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check taprio_parse_tc_entry() is not correctly checking TCA_TAPRIO_TC_ENTRY_INDEX attribute: int tc; // Signed value tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENT

  • CVE-2024-26807Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously c

  • CVE-2024-26805Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new `skb` and puts the `skb->data` passed as a 1st ar

  • CVE-2024-26802Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does

  • CVE-2024-26793Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller h

  • CVE-2024-26791Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bou

  • CVE-2024-26786Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix iopt_access_list_id overwrite bug Syzkaller reported the following WARN_ON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/io_pagetable.c:1360 Call Trace: iommufd_access_change_ioas+0x2

  • CVE-2024-26783Apr 4, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the followi

  • CVE-2024-26775Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1

  • CVE-2024-26774Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap

  • CVE-2024-26773Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a

  • CVE-2024-26772Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating block

  • CVE-2024-26769Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to flush the nvmet_wq nested. Avoid this by deadlock by deferring the put work in

  • CVE-2024-26764Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:

  • CVE-2024-26761Apr 3, 2024
    affected < 1-150600.13.3.7fixed 1-150600.13.3.7

    In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption that HPA == SPA. That is, the host physical address (HPA) the HDM decoder regist

Page 19 of 22