VYPR

rpm package

suse/kernel-rt&distro=SUSE Real Time Module 15 SP6

pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6

Vulnerabilities (3,740)

  • CVE-2024-42117Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns an array index and they return -1 when not found; however, -1

  • CVE-2024-42115Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging requ

  • CVE-2024-42113Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_alloc_q_vectors() to allocate queue vectors

  • CVE-2024-42110Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.5469

  • CVE-2024-42109Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfi

  • CVE-2024-42107Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the i

  • CVE-2024-42106Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol.

  • CVE-2024-42105Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode be

  • CVE-2024-42104Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file in

  • CVE-2024-42102Jul 30, 2024
    affected < 6.4.0-150600.10.20.1fixed 6.4.0-150600.10.20.1

    In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit int

  • CVE-2024-42101Jul 30, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointe

  • CVE-2023-52888Jul 30, 2024
    affected < 6.4.0-150600.10.44.1fixed 6.4.0-150600.10.44.1

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn'

  • CVE-2024-42097MedJul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified p

  • CVE-2024-42096MedJul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions b

  • CVE-2024-42093HigJul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow.

  • CVE-2024-42098Jul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that

  • CVE-2024-42095Jul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply

  • CVE-2024-42092Jul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can

  • CVE-2024-42090MedJul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() c

  • CVE-2024-42089Jul 29, 2024
    affected < 6.4.0-150600.10.8.3fixed 6.4.0-150600.10.8.3

    In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can corr

Page 135 of 187