rpm package

suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (315)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52765		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means
CVE-2023-52764		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit t
CVE-2023-52763		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. The `i3c_master_bus_init` function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT `alloc_entry`` will b
CVE-2023-52762		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_
CVE-2023-52757		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spi
CVE-2023-52754		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got boun
CVE-2023-52753		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference.
CVE-2023-52752		—	< 4-150600.13.6.1	4-150600.13.6.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2023-52750		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of by
CVE-2023-52749		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the s
CVE-2021-47432		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflo
CVE-2023-52735		—	< 1-150600.13.3.2	1-150600.13.3.2	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a
CVE-2024-36008	Med	5.5	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu()
CVE-2024-36005	Med	5.5	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999]
CVE-2024-35976	Med	6.7	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM\|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds
CVE-2024-35962	Med	5.5	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi
CVE-2024-35998		—	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquire
CVE-2024-35979		—	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set
CVE-2024-35970		—	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been the
CVE-2024-35957		—	< 1-150600.13.3.2	1-150600.13.3.2	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each

CVE-2023-52765May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means
CVE-2023-52764May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit t
CVE-2023-52763May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. The `i3c_master_bus_init` function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT `alloc_entry`` will b
CVE-2023-52762May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_
CVE-2023-52757May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spi
CVE-2023-52754May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got boun
CVE-2023-52753May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference.
CVE-2023-52752May 21, 2024
affected < 4-150600.13.6.1fixed 4-150600.13.6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2023-52750May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly byte-swap NOP when compiling for big-endian, and the resulting series of by
CVE-2023-52749May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the s
CVE-2021-47432May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflo
CVE-2023-52735May 21, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a
CVE-2024-36008MedMay 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu()
CVE-2024-36005MedMay 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999]
CVE-2024-35976MedMay 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds
CVE-2024-35962MedMay 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi
CVE-2024-35998May 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquire
CVE-2024-35979May 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set
CVE-2024-35970May 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: af_unix: Clear stale u->oob_skb. syzkaller started to report deadlock of unix_gc_lock after commit 4090fa373f0e ("af_unix: Replace garbage collection algorithm."), but it just uncovers the bug that has been the
CVE-2024-35957May 20, 2024
affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each

Page 14 of 16