rpm package

suse/kernel-livepatch-SLE15-SP6_Update_4&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (460)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-36489	Med	5.5	< 1-150600.13.3.3	1-150600.13.3.3	Jun 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0
CVE-2024-36286	Med	5.5	< 1-150600.13.3.3	1-150600.13.3.3	Jun 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206
CVE-2024-36270	Med	5.5	< 1-150600.13.3.3	1-150600.13.3.3	Jun 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr
CVE-2024-31076		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 21, 2024	In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is de
CVE-2024-38609		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: check for null before dereferencing The wcid can be NULL. It should be checked for validity before dereferencing it to avoid crash.
CVE-2024-38563		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.
CVE-2024-38548		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it
CVE-2024-36979		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same
CVE-2024-36970		—	< 1-150600.13.3.3	1-150600.13.3.3	Jun 8, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it somethin
CVE-2024-36939	Med	5.5	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been i
CVE-2024-36929	Med	5.5	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in ord
CVE-2024-36933		—	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following p
CVE-2024-36911		—	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory
CVE-2024-36910		—	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting m
CVE-2024-36909		—	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error i
CVE-2024-36881		—	< 1-150600.13.3.3	1-150600.13.3.3	May 30, 2024	In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNR
CVE-2023-52859		—	< 1-150600.13.3.3	1-150600.13.3.3	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore p
CVE-2023-52752		—	< 2-150600.13.6.1	2-150600.13.6.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2023-52735		—	< 1-150600.13.3.3	1-150600.13.3.3	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a
CVE-2024-35949		—	< 1-150600.13.3.3	1-150600.13.3.3	May 20, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if

CVE-2024-36489MedJun 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0
CVE-2024-36286MedJun 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206
CVE-2024-36270MedJun 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr
CVE-2024-31076Jun 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is de
CVE-2024-38609Jun 19, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: connac: check for null before dereferencing The wcid can be NULL. It should be checked for validity before dereferencing it to avoid crash.
CVE-2024-38563Jun 19, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.
CVE-2024-38548Jun 19, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it
CVE-2024-36979Jun 19, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same
CVE-2024-36970Jun 8, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it somethin
CVE-2024-36939MedMay 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been i
CVE-2024-36929MedMay 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in ord
CVE-2024-36933May 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following p
CVE-2024-36911May 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory
CVE-2024-36910May 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting m
CVE-2024-36909May 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error i
CVE-2024-36881May 30, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNR
CVE-2023-52859May 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore p
CVE-2023-52752May 21, 2024
affected < 2-150600.13.6.1fixed 2-150600.13.6.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2023-52735May 21, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a
CVE-2024-35949May 20, 2024
affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if

Page 21 of 23