VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (253)

  • CVE-2024-44947 · Sep 2, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_

  • CVE-2024-43883 · Aug 23, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak

  • CVE-2022-48919 · Aug 22, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free

  • CVE-2024-43882 · High · Aug 21, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer

  • CVE-2024-42232 · Aug 7, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re

  • CVE-2024-42148 · Jul 30, 2024
    affected < 3.0.101-108.165.1 · fixed 3.0.101-108.165.1

    In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equ

  • CVE-2024-42145 · Jul 30, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra

  • CVE-2024-42104 · Jul 30, 2024
    affected < 3.0.101-108.165.1 · fixed 3.0.101-108.165.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file in

  • CVE-2022-48839 · Jul 16, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]

  • CVE-2022-48791 · Jul 16, 2024
    affected < 3.0.101-108.162.1 · fixed 3.0.101-108.162.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti

  • CVE-2024-40902 · Jul 12, 2024
    affected < 3.0.101-108.165.1 · fixed 3.0.101-108.165.1

    In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than t

  • CVE-2023-52340 · Jul 5, 2024
    affected < 3.0.101-108.153.1 · fixed 3.0.101-108.153.1

    The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

  • CVE-2016-20022 · High · Jun 27, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.

  • CVE-2021-4439 · Jun 20, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta

  • CVE-2021-47600 · Jun 19, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().

  • CVE-2021-47589 · Jun 19, 2024
    affected < 3.0.101-108.168.1 · fixed 3.0.101-108.168.1

    In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore

  • CVE-2021-47580 · Jun 19, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va

  • CVE-2024-38599 · High · Jun 19, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the x

  • CVE-2024-38538 · Jun 19, 2024
    affected < 3.0.101-108.165.1 · fixed 3.0.101-108.165.1

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we

  • CVE-2024-36964 · Jun 3, 2024
    affected < 3.0.101-108.159.1 · fixed 3.0.101-108.159.1

    In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s

Page 5 of 13