rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.5
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Vulnerabilities (4,559)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47666 | — | | | < 5.14.21-150500.13.82.1 | 5.14.21-150500.13.82.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and re |
| CVE-2024-47665 | — | | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not reason to BUG_ON(). Turn that to graceful |
| CVE-2024-47664 | — | | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed(). The value of max_speed |
| CVE-2024-47663 | — | | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if ( |
| CVE-2024-47661 | — | | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fix |
| CVE-2024-46865 | High | 7.1 | | < 5.14.21-150500.13.94.1 | 5.14.21-150500.13.94.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. |
| CVE-2024-46859 | High | 7.8 | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SIN |
| CVE-2024-46854 | High | 7.1 | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is lea |
| CVE-2024-46853 | High | 7.8 | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes |
| CVE-2024-46849 | High | 7.8 | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated |
| CVE-2024-46830 | High | 7.8 | | < 5.14.21-150500.13.73.1 | 5.14.21-150500.13.73.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX r |
| CVE-2024-46821 | High | 7.8 | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) |
| CVE-2024-46813 | High | 7.8 | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is return when trying to access with out-of-bound index. This fixes 3 OVERRUN and 1 RES |
| CVE-2024-46812 | High | 7.8 | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. [How] Skip inactive planes. |
| CVE-2024-46864 | — | | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initializa |
| CVE-2024-46858 | — | | | < 5.14.21-150500.13.85.1 | 5.14.21-150500.13.85.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action |
| CVE-2024-46857 | — | | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NU |
| CVE-2024-46855 | — | | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning. |
| CVE-2024-46848 | — | | | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/co |
| CVE-2024-46842 | — | | | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return sta |