VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (559)

  • CVE-2024-50298Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VF is enabled. However, net_device_ops::ndo_set_vf_mac() may be called before VF is enabled

  • CVE-2024-50296Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov

  • CVE-2024-50295Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->dev. Or it would cause th

  • CVE-2024-50292Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issu

  • CVE-2024-50290Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.

  • CVE-2024-50289Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-r

  • CVE-2024-50287Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero. If this ever happens, t

  • CVE-2024-50282Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)

  • CVE-2024-50279Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes

  • CVE-2024-50276Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: net: vertexcom: mse102x: Fix possible double free of TX skb The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so in case the TX skb room needs to be expanded, we should free the the temporary s

  • CVE-2024-50275Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and

  • CVE-2024-50274Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it rele

  • CVE-2024-50273Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's r

  • CVE-2024-50271Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now i

  • CVE-2024-50269Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register pla

  • CVE-2024-50268Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the uc->

  • CVE-2024-50267Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the sta

  • CVE-2024-50265Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: s

  • CVE-2024-50264Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. T

  • CVE-2023-52921Nov 19, 2024
    affected < 1-150600.13.3.5fixed 1-150600.13.3.5

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Securit

Page 6 of 28