rpm package
suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (110)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56579 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to | ||
| CVE-2024-56568 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after | ||
| CVE-2024-56548 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like | ||
| CVE-2024-56539 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following wa | ||
| CVE-2024-53239 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as | ||
| CVE-2024-53226 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument. The driver needs to check whether it is a NULL pointer before dereferencing it | ||
| CVE-2024-53178 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconnection via SMB2_open_init | ||
| CVE-2024-53177 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths If open_cached_dir() encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in | ||
| CVE-2024-53176 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately re | ||
| CVE-2024-53173 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs | ||
| CVE-2024-53147 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system co | ||
| CVE-2024-53123 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Dec 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainte | ||
| CVE-2024-50294 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioriti | ||
| CVE-2024-50185 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Nov 8, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some bui | ||
| CVE-2024-50142 | Med | 5.5 | < 1-150600.13.3.4 | 1-150600.13.3.4 | Nov 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot c | |
| CVE-2024-50115 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc | ||
| CVE-2024-50085 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm | ||
| CVE-2024-50073 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 | ||
| CVE-2024-50036 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netns dismantle from ip6_route_net_exit() calling dst_entries_destroy() Before ip6_route_net_exit | ||
| CVE-2024-50029 | — | < 1-150600.13.3.4 | 1-150600.13.3.4 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following tra |
- CVE-2024-56579Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to
- CVE-2024-56568Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after
- CVE-2024-56548Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like
- CVE-2024-56539Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following wa
- CVE-2024-53239Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as
- CVE-2024-53226Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument. The driver needs to check whether it is a NULL pointer before dereferencing it
- CVE-2024-53178Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconnection via SMB2_open_init
- CVE-2024-53177Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths If open_cached_dir() encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in
- CVE-2024-53176Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately re
- CVE-2024-53173Dec 27, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs
- CVE-2024-53147Dec 24, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system co
- CVE-2024-53123Dec 2, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainte
- CVE-2024-50294Nov 19, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioriti
- CVE-2024-50185Nov 8, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some bui
- affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot c
- CVE-2024-50115Nov 5, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc
- CVE-2024-50085Oct 29, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm
- CVE-2024-50073Oct 29, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0
- CVE-2024-50036Oct 21, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netns dismantle from ip6_route_net_exit() calling dst_entries_destroy() Before ip6_route_net_exit
- CVE-2024-50029Oct 21, 2024affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyed while hci_enhanced_setup_sync is pending on cmd_sync leading to the following tra
Page 5 of 6