rpm package

suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (559)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-46775		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity.
CVE-2024-46770		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL point
CVE-2024-46766		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset. This creates the need to take the
CVE-2024-46765		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset
CVE-2024-46754		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tst_run from lwt_seg6local_prog_ops. The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() first. Martin KaFai Lau
CVE-2024-46721		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(.
CVE-2024-46681		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_ea
CVE-2024-46680		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnx
CVE-2024-46678		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lo
CVE-2024-45016	Med	5.5	< 1-150600.13.3.5	1-150600.13.3.5	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free.
CVE-2024-45025		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
CVE-2024-44995		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start
CVE-2024-44964		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to
CVE-2024-44958		—	< 1-150600.13.3.5	1-150600.13.3.5	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_de
CVE-2024-44932		—	< 1-150600.13.3.5	1-150600.13.3.5	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf fr
CVE-2024-42145		—	< 1-150600.13.3.5	1-150600.13.3.5	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
CVE-2024-42102		—	< 1-150600.13.3.5	1-150600.13.3.5	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit int
CVE-2024-41082		—	< 1-150600.13.3.5	1-150600.13.3.5	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvm
CVE-2024-41047		—	< 1-150600.13.3.5	1-150600.13.3.5	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removing the driver") introduced a new PF state "__I40E_IN_REMOVE" to block modifying the XDP progr
CVE-2024-41031		—	< 1-150600.13.3.5	1-150600.13.3.5	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages

CVE-2024-46775Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Validate function returns [WHAT & HOW] Function return values must be checked before data can be used in subsequent functions. This fixes 4 CHECKED_RETURN issues reported by Coverity.
CVE-2024-46770Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL point
CVE-2024-46766Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ice: move netif_queue_set_napi to rtnl-protected sections Currently, netif_queue_set_napi() is called from ice_vsi_rebuild() that is not rtnl-locked when called from the reset. This creates the need to take the
CVE-2024-46765Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ice: protect XDP configuration with a mutex The main threat to data consistency in ice_xdp() is a possible asynchronous PF reset. It can be triggered by a user or by TX timeout handler. XDP setup and PF reset
CVE-2024-46754Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: bpf: Remove tst_run from lwt_seg6local_prog_ops. The syzbot reported that the lwt_seg6 related BPF ops can be invoked via bpf_test_run() without without entering input_action_end_bpf() first. Martin KaFai Lau
CVE-2024-46721Sep 18, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(.
CVE-2024-46681Sep 13, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_ea
CVE-2024-46680Sep 13, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnx
CVE-2024-46678Sep 13, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lo
CVE-2024-45016MedSep 11, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free.
CVE-2024-45025Sep 11, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
CVE-2024-44995Sep 4, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start
CVE-2024-44964Sep 4, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to
CVE-2024-44958Sep 4, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_de
CVE-2024-44932Aug 26, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf fr
CVE-2024-42145Jul 30, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
CVE-2024-42102Jul 30, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit int
CVE-2024-41082Jul 29, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvm
CVE-2024-41047Jul 29, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removing the driver") introduced a new PF state "__I40E_IN_REMOVE" to block modifying the XDP progr
CVE-2024-41031Jul 29, 2024
affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages

Page 26 of 28