suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

Vulnerabilities (2,830)

• CVE-2021-47585Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not

• CVE-2021-47584Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have

• CVE-2021-47583Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was

• CVE-2021-47582Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout valu

• CVE-2021-47580Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va

• CVE-2021-47578Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, k

• CVE-2021-47576Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40

• CVE-2024-38578HigJun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for t

• CVE-2024-38560HigJun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that

• CVE-2024-38559MedJun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t

• CVE-2024-38564Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_g

• CVE-2024-38555Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device wil

• CVE-2024-38545Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc

• CVE-2024-38541Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not

• CVE-2024-36978HigJun 19, 2024
  affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1

  In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherw

• CVE-2024-36974HigJun 18, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the k

• CVE-2024-36971KEVJun 10, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_ca

• CVE-2024-36964Jun 3, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s

• CVE-2024-36940HigMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei

• CVE-2024-36904HigMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat