rpm package
suse/kernel-livepatch-SLE15-SP6_Update_8&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (281)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56656 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that of the previous generation (5750X or P5). However, the aggregation ID fields i | ||
| CVE-2024-56654 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treate | ||
| CVE-2024-56651 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct | ||
| CVE-2024-56650 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by ta | ||
| CVE-2024-56649 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs( | ||
| CVE-2024-56648 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend | ||
| CVE-2024-56644 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are severa | ||
| CVE-2024-56643 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with | ||
| CVE-2024-56642 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), | ||
| CVE-2024-56641 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x | ||
| CVE-2024-56637 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be pr | ||
| CVE-2024-56636 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : W | ||
| CVE-2024-56635 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(), we | ||
| CVE-2024-56634 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL p | ||
| CVE-2024-56632 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it. | ||
| CVE-2024-56630 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() | ||
| CVE-2024-56629 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crash | ||
| CVE-2024-56625 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason tha | ||
| CVE-2024-56623 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On settin | ||
| CVE-2024-56622 | — | < 1-150600.13.3.2 | 1-150600.13.3.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. |
- CVE-2024-56656Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that of the previous generation (5750X or P5). However, the aggregation ID fields i
- CVE-2024-56654Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treate
- CVE-2024-56651Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct
- CVE-2024-56650Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by ta
- CVE-2024-56649Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs(
- CVE-2024-56648Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend
- CVE-2024-56644Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are severa
- CVE-2024-56643Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with
- CVE-2024-56642Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(),
- CVE-2024-56641Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x
- CVE-2024-56637Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be pr
- CVE-2024-56636Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : W
- CVE-2024-56635Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(), we
- CVE-2024-56634Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL p
- CVE-2024-56632Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it.
- CVE-2024-56630Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode()
- CVE-2024-56629Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crash
- CVE-2024-56625Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason tha
- CVE-2024-56623Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On settin
- CVE-2024-56622Dec 27, 2024affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled.
Page 10 of 15