suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.5

Vulnerabilities (4,559)

• CVE-2024-26877MedApr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CP

• CVE-2024-26875MedApr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr

• CVE-2024-26872HigApr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is register

• CVE-2024-26870MedApr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does

• CVE-2024-26863MedApr 17, 2024
  affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1

  In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0

• CVE-2024-26861MedApr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() anno

• CVE-2024-26859MedApr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a ra

• CVE-2024-26855MedApr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced

• CVE-2024-26852HigApr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") w

• CVE-2024-26851MedApr 17, 2024
  affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(

• CVE-2024-26900Apr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "m

• CVE-2024-26896Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (f

• CVE-2024-26893Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols m

• CVE-2024-26881Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is received on HIP08 devices The HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL, but the hardware can receive 1588 messages, and set the HNS3_RXD

• CVE-2024-26879Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: clk: meson: Add missing clocks to axg_clk_regmaps Some clocks were missing from axg_clk_regmaps, which caused kernel panic during cat /sys/kernel/debug/clk/clk_summary [ 57.349402] Unable to handle kernel NU

• CVE-2024-26876Apr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts co

• CVE-2024-26874Apr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but

• CVE-2024-26866Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of erro

• CVE-2024-26862Apr 17, 2024
  affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

  In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported:

• CVE-2023-52644Apr 17, 2024
  affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0