rpm package
suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7
Vulnerabilities (2,117)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-57900 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the | ||
| CVE-2024-49571 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote | ||
| CVE-2024-49568 | — | < 6.4.0-150700.20.6.1 | 6.4.0-150700.20.6.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and c | ||
| CVE-2024-47408 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the | ||
| CVE-2024-54683 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================== | ||
| CVE-2024-53680 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr | ||
| CVE-2024-47794 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo | ||
| CVE-2024-56770 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of | ||
| CVE-2024-56758 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Jan 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi | ||
| CVE-2024-56751 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_ | ||
| CVE-2024-56742 | — | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Dec 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Fix an unwind issue in mlx5vf_add_migration_pages(). If a set of pages is allocated but fails to be added to the SG table, they need to be freed t | ||
| CVE-2024-56721 | — | < 6.4.0-150700.20.27.1 | 6.4.0-150700.20.27.1 | Dec 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ende | ||
| CVE-2024-56719 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stm | ||
| CVE-2024-56718 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before she | ||
| CVE-2024-56703 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t | ||
| CVE-2024-56702 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar | ||
| CVE-2024-56699 | — | < 6.4.0-150700.20.6.1 | 6.4.0-150700.20.6.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas | ||
| CVE-2024-56641 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x | ||
| CVE-2024-56640 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access uns | ||
| CVE-2024-56638 | — | < 6.4.0-150700.20.3.1 | 6.4.0-150700.20.3.1 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh |
- CVE-2024-57900Jan 15, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the
- CVE-2024-49571Jan 11, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote
- CVE-2024-49568Jan 11, 2025affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and c
- CVE-2024-47408Jan 11, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the
- CVE-2024-54683Jan 11, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ======================================
- CVE-2024-53680Jan 11, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr
- CVE-2024-47794Jan 11, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo
- CVE-2024-56770Jan 8, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of
- CVE-2024-56758Jan 6, 2025affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi
- CVE-2024-56751Dec 29, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_
- CVE-2024-56742Dec 29, 2024affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Fix an unwind issue in mlx5vf_add_migration_pages(). If a set of pages is allocated but fails to be added to the SG table, they need to be freed t
- CVE-2024-56721Dec 29, 2024affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ende
- CVE-2024-56719Dec 29, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stm
- CVE-2024-56718Dec 29, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before she
- CVE-2024-56703Dec 28, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t
- CVE-2024-56702Dec 28, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar
- CVE-2024-56699Dec 28, 2024affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas
- CVE-2024-56641Dec 27, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x
- CVE-2024-56640Dec 27, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access uns
- CVE-2024-56638Dec 27, 2024affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh
Page 103 of 106