rpm package
suse/kernel-source-coco&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6
Vulnerabilities (2,052)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46672 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is | ||
| CVE-2024-45030 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An easy reproducer is to ru | ||
| CVE-2024-45029 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping functi | ||
| CVE-2024-45028 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the err | ||
| CVE-2024-45026 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_fo | ||
| CVE-2024-45025 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. | ||
| CVE-2024-45023 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is s | ||
| CVE-2024-45022 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since c | ||
| CVE-2024-45021 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). | ||
| CVE-2024-45020 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf | ||
| CVE-2024-45019 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds i | ||
| CVE-2024-45017 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/l | ||
| CVE-2024-45015 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by | ||
| CVE-2024-45013 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but d | ||
| CVE-2024-45012 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:18 | ||
| CVE-2024-45011 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices | ||
| CVE-2024-45010 | — | < 6.4.0-15061.18.coco15sp6.1 | 6.4.0-15061.18.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when run | ||
| CVE-2024-45009 | — | < 6.4.0-15061.18.coco15sp6.1 | 6.4.0-15061.18.coco15sp6.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a b | ||
| CVE-2023-52916 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. M | ||
| CVE-2023-52915 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be |
- CVE-2024-46672Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in the driver for SAE/OWE offload cases") SSID based PMKSA del commands. brcmfmac is
- CVE-2024-45030Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting MAX_SKB_FRAG to 45 causes payload corruption on TX. An easy reproducer is to ru
- CVE-2024-45029Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping functi
- CVE-2024-45028Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the err
- CVE-2024-45026Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_fo
- CVE-2024-45025Sep 11, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
- CVE-2024-45023Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as possible, however, if valid data only lands in slow disks, and a new normal disk is s
- CVE-2024-45022Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since c
- CVE-2024-45021Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).
- CVE-2024-45020Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
- CVE-2024-45019Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds i
- CVE-2024-45017Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/l
- CVE-2024-45015Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by
- CVE-2024-45013Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but d
- CVE-2024-45012Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:18
- CVE-2024-45011Sep 11, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices
- CVE-2024-45010Sep 11, 2024affected < 6.4.0-15061.18.coco15sp6.1fixed 6.4.0-15061.18.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when run
- CVE-2024-45009Sep 11, 2024affected < 6.4.0-15061.18.coco15sp6.1fixed 6.4.0-15061.18.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a b
- CVE-2023-52916Sep 6, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. M
- CVE-2023-52915Sep 6, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be
Page 96 of 103