VYPR

rpm package

suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5

pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Vulnerabilities (2,432)

  • CVE-2024-36484MedJun 21, 2024
    affected < 5.14.21-150500.33.75.1fixed 5.14.21-150500.33.75.1

    In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-e

  • CVE-2024-36286MedJun 21, 2024
    affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206

  • CVE-2024-36270MedJun 21, 2024
    affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr

  • CVE-2024-38634Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time o

  • CVE-2024-38633Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after

  • CVE-2024-38632Jun 21, 2024
    affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1

    In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak.

  • CVE-2024-38630Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer()

  • CVE-2024-38628Jun 21, 2024
    affected < 5.14.21-150500.33.63.1fixed 5.14.21-150500.33.63.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks.

  • CVE-2024-38627Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.

  • CVE-2024-38621Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. Wh

  • CVE-2024-38390Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev,

  • CVE-2024-38388Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroy

  • CVE-2024-36478Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -

  • CVE-2024-36244Jun 21, 2024
    affected < 5.14.21-150500.33.72.1fixed 5.14.21-150500.33.72.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits

  • CVE-2024-33619Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally.

  • CVE-2024-31076Jun 21, 2024
    affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1

    In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is de

  • CVE-2023-52884Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system

  • CVE-2021-4439Jun 20, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta

  • CVE-2022-48771Jun 20, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use

  • CVE-2022-48770Jun 20, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kern

Page 49 of 122