suse/kernel-source&distro=SUSE Manager Server 4.3

Vulnerabilities (1,907)

• CVE-2024-38560HigJun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that

• CVE-2024-38559MedJun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t

• CVE-2024-38564Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_g

• CVE-2024-38555Jun 19, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device wil

• CVE-2024-38545Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc

• CVE-2024-38541Jun 19, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not

• CVE-2024-36978HigJun 19, 2024
  affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1

  In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherw

• CVE-2024-36974HigJun 18, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the k

• CVE-2024-36971KEVJun 10, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_ca

• CVE-2024-36964Jun 3, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s

• CVE-2024-36940HigMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei

• CVE-2024-36904HigMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat

• CVE-2024-36899HigMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed

• CVE-2024-36894MedMay 30, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario

• CVE-2024-36926May 30, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI

• CVE-2023-52881May 29, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The

• CVE-2023-52880May 24, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADM

• CVE-2021-47571May 24, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.

• CVE-2021-47565May 24, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object

• CVE-2021-47564May 24, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() that cases prestera driver to crash (see below). Trace: Internal error: Oops: 96000044 [#1]