rpm package

suse/kernel-source-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (1,481)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52646		—	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 26, 2024	In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set
CVE-2024-26923	Med	4.7	< 4.12.14-16.191.1	4.12.14-16.191.1	Apr 25, 2024	In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM
CVE-2024-26924		—	< 4.12.14-16.194.1	4.12.14-16.194.1	Apr 24, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... ad
CVE-2024-26922		—	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 23, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
CVE-2024-26921		—	< 4.12.14-16.188.1	4.12.14-16.188.1	Apr 18, 2024	In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call retu
CVE-2024-26920	Med	5.5	< 4.12.14-16.188.1	4.12.14-16.188.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register sn
CVE-2024-26915		—	< 4.12.14-16.188.1	4.12.14-16.188.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well.
CVE-2024-26907	Hig	7.8	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms
CVE-2024-26903	Med	5.5	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a no
CVE-2024-26901	Med	5.5	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-i
CVE-2024-26898	Hig	7.8	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel.
CVE-2024-26894	Med	6.0	< 4.12.14-16.191.1	4.12.14-16.191.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896
CVE-2024-26884	Hig	7.8	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. Ho
CVE-2024-26883	Hig	7.8	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0.
CVE-2024-26880	Med	5.5	< 4.12.14-16.194.1	4.12.14-16.194.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not
CVE-2024-26878	Med	4.7	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode)
CVE-2024-26863	Med	5.5	< 4.12.14-16.191.1	4.12.14-16.191.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0
CVE-2024-26859	Med	4.7	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a ra
CVE-2024-26855	Med	5.5	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced
CVE-2024-26852	Hig	7.8	< 4.12.14-16.182.1	4.12.14-16.182.1	Apr 17, 2024	In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") w

CVE-2023-52646Apr 26, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set
CVE-2024-26923MedApr 25, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM
CVE-2024-26924Apr 24, 2024
affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... ad
CVE-2024-26922Apr 23, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
CVE-2024-26921Apr 18, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call retu
CVE-2024-26920MedApr 17, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register sn
CVE-2024-26915Apr 17, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well.
CVE-2024-26907HigApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms
CVE-2024-26903MedApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a no
CVE-2024-26901MedApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-i
CVE-2024-26898HigApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel.
CVE-2024-26894MedApr 17, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896
CVE-2024-26884HigApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. Ho
CVE-2024-26883HigApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0.
CVE-2024-26880MedApr 17, 2024
affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not
CVE-2024-26878MedApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode)
CVE-2024-26863MedApr 17, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0
CVE-2024-26859MedApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a ra
CVE-2024-26855MedApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced
CVE-2024-26852HigApr 17, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") w

Page 32 of 75