VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,486)

  • CVE-2024-26791Apr 4, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bou

  • CVE-2024-26779Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls

  • CVE-2024-26778Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-ze

  • CVE-2024-26777Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero

  • CVE-2024-26775Apr 3, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1

  • CVE-2024-26773Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a

  • CVE-2024-26772Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating block

  • CVE-2024-26771Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by che

  • CVE-2024-26763Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this proble

  • CVE-2024-26754Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit '

  • CVE-2024-26752Apr 3, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this,

  • CVE-2024-26747Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the r

  • CVE-2024-26744Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module trigg

  • CVE-2024-26743Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CP

  • CVE-2024-26739Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod

  • CVE-2024-26735Apr 3, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

  • CVE-2024-26733Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpr

  • CVE-2024-26704Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat

  • CVE-2024-26689Apr 3, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref

  • CVE-2024-26687Apr 3, 2024
    affected < 4.12.14-122.222.1fixed 4.12.14-122.222.1

    In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t

Page 35 of 75