rpm package
suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP5
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5
Vulnerabilities (2,442)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35945 | — | < 5.14.21-150500.13.67.3 | 5.14.21-150500.13.67.3 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service r | ||
| CVE-2024-35943 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by chec | ||
| CVE-2024-35939 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the result | ||
| CVE-2024-35938 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely | ||
| CVE-2024-35937 | — | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make | ||
| CVE-2024-35932 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] ref | ||
| CVE-2024-35924 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to | ||
| CVE-2023-52699 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_loc | ||
| CVE-2024-35915 | Med | 5.5 | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, | |
| CVE-2024-35905 | Hig | 7.8 | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflow | |
| CVE-2024-35902 | Med | 5.5 | < 5.14.21-150500.13.67.3 | 5.14.21-150500.13.67.3 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * T | |
| CVE-2024-35900 | Med | 5.5 | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The followi | |
| CVE-2024-35899 | Med | 6.1 | < 5.14.21-150500.13.64.1 | 5.14.21-150500.13.64.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net a | |
| CVE-2024-35898 | Med | 5.5 | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newf | |
| CVE-2024-35897 | Med | 5.5 | < 5.14.21-150500.13.67.3 | 5.14.21-150500.13.67.3 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both | |
| CVE-2024-35896 | Hig | 7.1 | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @o | |
| CVE-2024-35895 | Med | 5.5 | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be in | |
| CVE-2024-35893 | Med | 5.5 | < 5.14.21-150500.13.64.1 | 5.14.21-150500.13.64.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: prevent kernel-infoleak syzbot found that tcf_skbmod_dump() was copying four bytes from kernel stack to user space [1]. The issue here is that 'struct tc_skbmod' has a four bytes hole. | |
| CVE-2024-35888 | Med | 5.5 | < 5.14.21-150500.13.79.1 | 5.14.21-150500.13.79.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb->head syzbot reported a problem in ip6erspan_rcv() [1] Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make sure erspan_base_hdr is present in skb | |
| CVE-2024-35886 | Hig | 7.8 | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). syzkaller reported infinite recursive calls of fib6_dump_done() during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE |
- CVE-2024-35945May 19, 2024affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3
In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service r
- CVE-2024-35943May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by chec
- CVE-2024-35939May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: dma-direct: Leak pages on dma_set_decrypted() failure On TDX it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the result
- CVE-2024-35938May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely
- CVE-2024-35937May 19, 2024affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make
- CVE-2024-35932May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] ref
- CVE-2024-35924May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to
- CVE-2023-52699May 19, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_loc
- affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero,
- affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflow
- affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * T
- affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The followi
- affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net a
- affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newf
- affected < 5.14.21-150500.13.67.3fixed 5.14.21-150500.13.67.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both
- affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @o
- affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be in
- affected < 5.14.21-150500.13.64.1fixed 5.14.21-150500.13.64.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: prevent kernel-infoleak syzbot found that tcf_skbmod_dump() was copying four bytes from kernel stack to user space [1]. The issue here is that 'struct tc_skbmod' has a four bytes hole.
- affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1
In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb->head syzbot reported a problem in ip6erspan_rcv() [1] Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make sure erspan_base_hdr is present in skb
- affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). syzkaller reported infinite recursive calls of fib6_dump_done() during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE
Page 79 of 123