suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.5

Vulnerabilities (4,559)

• CVE-2024-49871Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our

• CVE-2024-49870Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file() A dentry leak may be caused when a lookup cookie and a cull are concurrent: P1 | P2 -----------------------------------

• CVE-2024-49868Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. start_transactio

• CVE-2024-49867Oct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the k

• CVE-2024-49866Oct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEBUG: init active (active s

• CVE-2024-49863Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug can be triggered when gu

• CVE-2024-49851MedOct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can resul

• CVE-2024-47747HigOct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once t

• CVE-2024-47745HigOct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called person

• CVE-2024-47742HigOct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, th

• CVE-2024-47737MedOct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL If not enough buffer space available, but idmap_lookup has triggered lookup_fn which calls cache_get and returns successfully. Then we missed to call cache

• CVE-2024-47735MedOct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold. This was discovered through the lock d

• CVE-2024-47730HigOct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close t

• CVE-2024-47723HigOct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Theref

• CVE-2024-49861Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BPF program side through sp

• CVE-2024-49860Oct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.

• CVE-2024-49858Oct 21, 2024
  affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1

  In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and p

• CVE-2024-49855Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to be stopped for avoiding to complete this requeued request, other use-after-free

• CVE-2024-49852Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the refcount drops to zero. The nport->release release function is _efc_nport_free()

• CVE-2024-49850Oct 21, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cau