rpm package

suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7

pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7

Vulnerabilities (2,100)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-56699		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Dec 28, 2024	In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas
CVE-2024-56641		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x
CVE-2024-56613		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bi
CVE-2024-56541		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the a
CVE-2024-53149		—	< 6.4.0-150700.7.31.1	6.4.0-150700.7.31.1	Dec 24, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing
CVE-2024-53070		—	< 6.4.0-150700.7.31.1	6.4.0-150700.7.31.1	Nov 19, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. A
CVE-2024-50293		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Nov 19, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_cr
CVE-2024-50223		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Nov 9, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.0
CVE-2024-50106		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Nov 5, 2024	In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has exp
CVE-2024-50083		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Oct 29, 2024	In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ c
CVE-2024-50034		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel
CVE-2024-49996		—	< 6.4.0-150700.7.16.1	6.4.0-150700.7.16.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseData
CVE-2024-46865	Hig	7.1	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Sep 27, 2024	In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.
CVE-2024-46763		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou
CVE-2024-46733		—	< 6.4.0-150700.7.16.1	6.4.0-150700.7.16.1	Sep 18, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_exte
CVE-2024-46713		—	< 6.4.0-150700.7.3.1	6.4.0-150700.7.3.1	Sep 13, 2024	In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
CVE-2024-44963		—	< 6.4.0-150700.7.13.1	6.4.0-150700.7.13.1	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). Th
CVE-2024-43869		—	< 6.4.0-150700.7.8.1	6.4.0-150700.7.8.1	Aug 21, 2024	In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially
CVE-2024-42134		—	< 6.4.0-150700.7.13.1	6.4.0-150700.7.13.1	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. F
CVE-2024-42103		—	< 6.4.0-150700.7.31.1	6.4.0-150700.7.31.1	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block

CVE-2024-56699Dec 28, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas
CVE-2024-56641Dec 27, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x
CVE-2024-56613Dec 27, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bi
CVE-2024-56541Dec 27, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the a
CVE-2024-53149Dec 24, 2024
affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing
CVE-2024-53070Nov 19, 2024
affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. A
CVE-2024-50293Nov 19, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_cr
CVE-2024-50223Nov 9, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.0
CVE-2024-50106Nov 5, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has exp
CVE-2024-50083Oct 29, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ c
CVE-2024-50034Oct 21, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix lacks of icsk_syn_mss with IPPROTO_SMC Eric report a panic on IPPROTO_SMC, and give the facts that when INET_PROTOSW_ICSK was set, icsk->icsk_sync_mss must be set too. Bug: Unable to handle kernel
CVE-2024-49996Oct 21, 2024
affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseData
CVE-2024-46865HigSep 27, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized.
CVE-2024-46763Sep 18, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou
CVE-2024-46733Sep 18, 2024
affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_exte
CVE-2024-46713Sep 13, 2024
affected < 6.4.0-150700.7.3.1fixed 6.4.0-150700.7.3.1
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment th
CVE-2024-44963Sep 4, 2024
affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). Th
CVE-2024-43869Aug 21, 2024
affected < 6.4.0-150700.7.8.1fixed 6.4.0-150700.7.8.1
In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially
CVE-2024-42134Jul 30, 2024
affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. F
CVE-2024-42103Jul 30, 2024
affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block

Page 104 of 105