rpm package

suse/kernel-livepatch-SLE15-SP6_Update_10&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (239)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-47408		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the
CVE-2024-41149		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it, otherwise use-after-free may be triggered.
CVE-2024-54683		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: \| ======================================
CVE-2024-53680		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr
CVE-2024-47794		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo
CVE-2024-56770		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 8, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of
CVE-2024-56758		—	< 1-150600.13.5.1	1-150600.13.5.1	Jan 6, 2025	In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi
CVE-2024-56751		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 29, 2024	In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_
CVE-2024-56719		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 29, 2024	In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stm
CVE-2024-56718		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 29, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before she
CVE-2024-56703		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 28, 2024	In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t
CVE-2024-56702		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 28, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar
CVE-2024-56640		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access uns
CVE-2024-56638		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh
CVE-2024-53163		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 24, 2024	In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access.
CVE-2024-53140		—	< 1-150600.13.5.1	1-150600.13.5.1	Dec 4, 2024	In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual
CVE-2024-53057	Hig	7.8	< 1-150600.13.5.1	1-150600.13.5.1	Nov 19, 2024	In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create
CVE-2024-53063		—	< 1-150600.13.5.1	1-150600.13.5.1	Nov 19, 2024	In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_
CVE-2024-50290		—	< 1-150600.13.5.1	1-150600.13.5.1	Nov 19, 2024	In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.
CVE-2024-50152		—	< 1-150600.13.5.1	1-150600.13.5.1	Nov 7, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning： fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 \| kfree(ea); \| ^~~~~

CVE-2024-47408Jan 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the
CVE-2024-41149Jan 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it, otherwise use-after-free may be triggered.
CVE-2024-54683Jan 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ======================================
CVE-2024-53680Jan 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr
CVE-2024-47794Jan 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo
CVE-2024-56770Jan 8, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of
CVE-2024-56758Jan 6, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi
CVE-2024-56751Dec 29, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_
CVE-2024-56719Dec 29, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stm
CVE-2024-56718Dec 29, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before she
CVE-2024-56703Dec 28, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t
CVE-2024-56702Dec 28, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar
CVE-2024-56640Dec 27, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access uns
CVE-2024-56638Dec 27, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh
CVE-2024-53163Dec 24, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access.
CVE-2024-53140Dec 4, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual
CVE-2024-53057HigNov 19, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create
CVE-2024-53063Nov 19, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_
CVE-2024-50290Nov 19, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.
CVE-2024-50152Nov 7, 2024
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning： fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(ea); | ^~~~~

Page 11 of 12