VYPR

rpm package

suse/kernel-syms&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (263)

  • CVE-2025-21702HigFeb 18, 2025
    affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1

    In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one

  • CVE-2025-21700Feb 13, 2025
    affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc

  • CVE-2024-57893Jan 15, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal

  • CVE-2024-57850Jan 11, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffe

  • CVE-2024-56759Jan 6, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled

  • CVE-2024-56658Dec 27, 2024
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They copy xfrm[46]_dst_ops_template into net->x

  • CVE-2024-56650Dec 27, 2024
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by ta

  • CVE-2024-56619Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access

  • CVE-2024-56605Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk o

  • CVE-2024-56604Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but l

  • CVE-2024-56601Dec 27, 2024
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock o

  • CVE-2024-56600Dec 27, 2024
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the

  • CVE-2024-56598Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case.

  • CVE-2024-56548Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like

  • CVE-2024-56539Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following wa

  • CVE-2024-53239Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as

  • CVE-2024-53173Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs

  • CVE-2024-53164Dec 27, 2024
    affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when t

  • CVE-2024-53156Dec 24, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255

  • CVE-2024-53146Dec 24, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that

Page 4 of 14