rpm package
suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5
Vulnerabilities (2,432)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26692 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value wh | ||
| CVE-2024-26689 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref | ||
| CVE-2024-26688 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni | ||
| CVE-2024-26687 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t | ||
| CVE-2024-26685 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async | ||
| CVE-2023-52639 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private | ||
| CVE-2023-52637 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following t | ||
| CVE-2024-26659 | Med | 5.5 | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet | |
| CVE-2024-26684 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") checks and reports safety errors, but leaves the Data Path Pari | ||
| CVE-2024-26681 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jif | ||
| CVE-2024-26680 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and u | ||
| CVE-2024-26679 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning. | ||
| CVE-2024-26677 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference. | ||
| CVE-2024-26675 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop | ||
| CVE-2023-52636 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes a | ||
| CVE-2024-26673 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a | ||
| CVE-2024-26671 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_ | ||
| CVE-2023-52635 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from | ||
| CVE-2023-52632 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted ---------------- | ||
| CVE-2024-26670 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit memory acc |
- CVE-2024-26692Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value wh
- CVE-2024-26689Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref
- CVE-2024-26688Apr 3, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni
- CVE-2024-26687Apr 3, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t
- CVE-2024-26685Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async
- CVE-2023-52639Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private
- CVE-2023-52637Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following t
- affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet
- CVE-2024-26684Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") checks and reports safety errors, but leaves the Data Path Pari
- CVE-2024-26681Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jif
- CVE-2024-26680Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and u
- CVE-2024-26679Apr 2, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.
- CVE-2024-26677Apr 2, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.
- CVE-2024-26675Apr 2, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop
- CVE-2023-52636Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes a
- CVE-2024-26673Apr 2, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a
- CVE-2024-26671Apr 2, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_
- CVE-2023-52635Apr 2, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from
- CVE-2023-52632Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted ----------------
- CVE-2024-26670Apr 2, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit memory acc
Page 101 of 122