rpm package
suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (559)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53138 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resy | ||
| CVE-2024-53121 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and | ||
| CVE-2024-53114 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a rando | ||
| CVE-2024-53112 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_tra | ||
| CVE-2024-53110 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | ||
| CVE-2024-53108 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues whe | ||
| CVE-2024-53106 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading | ||
| CVE-2024-53104 | — | KEV | < 1-150600.13.3.5 | 1-150600.13.3.5 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra | |
| CVE-2023-52922 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153 | ||
| CVE-2024-53101 | Med | 5.5 | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initiali | |
| CVE-2024-53100 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get | ||
| CVE-2024-53096 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memor | ||
| CVE-2024-53095 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS s | ||
| CVE-2024-53094 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab page is being used in sen | ||
| CVE-2024-53093 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes availa | ||
| CVE-2024-53059 | Hig | 7.8 | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_s | |
| CVE-2024-53042 | Med | 5.5 | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [ | |
| CVE-2024-53088 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under hea | ||
| CVE-2024-53085 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is | ||
| CVE-2024-53082 | — | < 1-150600.13.3.5 | 1-150600.13.3.5 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key. |
- CVE-2024-53138Dec 4, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resy
- CVE-2024-53121Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and
- CVE-2024-53114Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a rando
- CVE-2024-53112Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_tra
- CVE-2024-53110Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory.
- CVE-2024-53108Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues whe
- CVE-2024-53106Dec 2, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading
- affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the fra
- CVE-2023-52922Nov 28, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153
- affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initiali
- CVE-2024-53100Nov 25, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get
- CVE-2024-53096Nov 25, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memor
- CVE-2024-53095Nov 21, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS s
- CVE-2024-53094Nov 21, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab page is being used in sen
- CVE-2024-53093Nov 21, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes availa
- affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_s
- affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [
- CVE-2024-53088Nov 19, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under hea
- CVE-2024-53085Nov 19, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is
- CVE-2024-53082Nov 19, 2024affected < 1-150600.13.3.5fixed 1-150600.13.3.5
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key.
Page 4 of 28