rpm package
suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5
Vulnerabilities (2,432)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26778 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-ze | ||
| CVE-2024-26777 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero | ||
| CVE-2024-26776 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: Una | ||
| CVE-2024-26775 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 | ||
| CVE-2024-26773 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a | ||
| CVE-2024-26772 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating block | ||
| CVE-2024-26771 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by che | ||
| CVE-2024-26769 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to flush the nvmet_wq nested. Avoid this by deadlock by deferring the put work in | ||
| CVE-2024-26767 | — | < 5.14.21-150500.33.69.1 | 5.14.21-150500.33.69.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check | ||
| CVE-2024-26766 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by ` | ||
| CVE-2024-26764 | — | < 5.14.21-150500.33.51.1 | 5.14.21-150500.33.51.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c: | ||
| CVE-2024-26763 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this proble | ||
| CVE-2024-26760 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree(). | ||
| CVE-2024-26759 | — | < 5.14.21-150500.33.69.1 | 5.14.21-150500.33.69.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) | ||
| CVE-2024-26758 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't | ||
| CVE-2024-26754 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit ' | ||
| CVE-2024-26751 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventuall | ||
| CVE-2024-26749 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually fr | ||
| CVE-2024-26748 | — | < 5.14.21-150500.33.57.1 | 5.14.21-150500.33.57.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832 | ||
| CVE-2024-26747 | — | < 5.14.21-150500.33.48.1 | 5.14.21-150500.33.48.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the r |
- CVE-2024-26778Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-ze
- CVE-2024-26777Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero
- CVE-2024-26776Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: Una
- CVE-2024-26775Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1
- CVE-2024-26773Apr 3, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a
- CVE-2024-26772Apr 3, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating block
- CVE-2024-26771Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by che
- CVE-2024-26769Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to flush the nvmet_wq nested. Avoid this by deadlock by deferring the put work in
- CVE-2024-26767Apr 3, 2024affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check
- CVE-2024-26766Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `
- CVE-2024-26764Apr 3, 2024affected < 5.14.21-150500.33.51.1fixed 5.14.21-150500.33.51.1
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:
- CVE-2024-26763Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this proble
- CVE-2024-26760Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc wrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit() and kfree().
- CVE-2024-26759Apr 3, 2024affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0)
- CVE-2024-26758Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't
- CVE-2024-26754Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit '
- CVE-2024-26751Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventuall
- CVE-2024-26749Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually fr
- CVE-2024-26748Apr 3, 2024affected < 5.14.21-150500.33.57.1fixed 5.14.21-150500.33.57.1
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832
- CVE-2024-26747Apr 3, 2024affected < 5.14.21-150500.33.48.1fixed 5.14.21-150500.33.48.1
In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent's module reference after the user get usb_role_switch device and put the r
Page 99 of 122