suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.5

Vulnerabilities (4,559)

• CVE-2024-36978HigJun 19, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherw

• CVE-2024-36974HigJun 18, 2024
  affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1

  In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the k

• CVE-2024-36975Jun 18, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2.

• CVE-2024-36971KEVJun 10, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_ca

• CVE-2024-36969Jun 8, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves

• CVE-2024-36967Jun 8, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case.

• CVE-2024-36965Jun 8, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size th

• CVE-2024-36964Jun 3, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s

• CVE-2024-36962Jun 3, 2024
  affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3

  In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from n

• CVE-2024-36960Jun 3, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure i

• CVE-2024-36959MedMay 30, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping op

• CVE-2024-36940HigMay 30, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei

• CVE-2024-36939MedMay 30, 2024
  affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1

  In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been i

• CVE-2024-36929MedMay 30, 2024
  affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3

  In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in ord

• CVE-2024-36916HigMay 30, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architec

• CVE-2024-36905MedMay 30, 2024
  affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to

• CVE-2024-36904HigMay 30, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat

• CVE-2024-36902MedMay 30, 2024
  affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1

  In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must a

• CVE-2024-36899HigMay 30, 2024
  affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1

  In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed

• CVE-2024-36898HigMay 30, 2024
  affected < 5.14.21-150500.13.85.1fixed 5.14.21-150500.13.85.1

  In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of