VYPR

rpm package

suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.5

pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Vulnerabilities (4,559)

  • CVE-2024-26749Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually fr

  • CVE-2024-26748Apr 3, 2024
    affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

    In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832

  • CVE-2024-26747Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the r

  • CVE-2024-26744Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module trigg

  • CVE-2024-26743Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CP

  • CVE-2024-26742Apr 3, 2024
    affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameter disable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs t

  • CVE-2024-26739Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod

  • CVE-2024-26737Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel The following race is possible between bpf_timer_cancel_and_free and bpf_timer_cancel. It will lead a UAF on the timer->timer. bpf_timer_c

  • CVE-2024-26736Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesti

  • CVE-2024-26735Apr 3, 2024
    affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

  • CVE-2024-26733Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpr

  • CVE-2024-26727Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:13

  • CVE-2024-26722Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex is left locked forever. That may lead to deadlock when rt5645_jack_detect_work() is c

  • CVE-2024-26718Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet callback and then it calls tas

  • CVE-2024-26717Apr 3, 2024
    affected < 5.14.21-150500.13.47.1fixed 5.14.21-150500.13.47.1

    In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on p

  • CVE-2024-26715Apr 3, 2024
    affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuously there could be a chance while checking for dwc->gadget_driver in dwc3_ga

  • CVE-2024-26704Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat

  • CVE-2024-26702Apr 3, 2024
    affected < 5.14.21-150500.13.52.1fixed 5.14.21-150500.13.52.1

    In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates

  • CVE-2024-26700Apr 3, 2024
    affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI

  • CVE-2024-26698Apr 3, 2024
    affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1

    In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, includ

Page 212 of 228