rpm package

suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP6

pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6

Vulnerabilities (3,769)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-57912		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp
CVE-2024-57911		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set v
CVE-2024-57910		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data elemen
CVE-2024-57908		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses i
CVE-2024-57907		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it on
CVE-2024-57906		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only u
CVE-2024-57904		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated i
CVE-2025-21653	Med	5.5	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bo
CVE-2025-21648	Med	5.5	< 6.4.0-150600.8.40.1	6.4.0-150600.8.40.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has
CVE-2025-21647	Hig	7.1	< 6.4.0-150600.8.31.1	6.4.0-150600.8.31.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640	Med	5.5	< 6.4.0-150600.8.31.1	6.4.0-150600.8.31.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639	Med	5.5	< 6.4.0-150600.8.31.1	6.4.0-150600.8.31.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638	Med	5.5	< 6.4.0-150600.8.31.1	6.4.0-150600.8.31.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21652		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If t
CVE-2025-21651		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.
CVE-2025-21650		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fet
CVE-2025-21649		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp
CVE-2025-21646		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/a
CVE-2025-21645		—	< 6.4.0-150600.8.26.1	6.4.0-150600.8.26.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise "wake_depth" for this IRQ will try
CVE-2025-21637		—	< 6.4.0-150600.8.31.1	6.4.0-150600.8.31.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting

CVE-2024-57912Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp
CVE-2024-57911Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set v
CVE-2024-57910Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data elemen
CVE-2024-57908Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses i
CVE-2024-57907Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it on
CVE-2024-57906Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only u
CVE-2024-57904Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated i
CVE-2025-21653MedJan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bo
CVE-2025-21648MedJan 19, 2025
affected < 6.4.0-150600.8.40.1fixed 6.4.0-150600.8.40.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing has
CVE-2025-21647HigJan 19, 2025
affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640MedJan 19, 2025
affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639MedJan 19, 2025
affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638MedJan 19, 2025
affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21652Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If t
CVE-2025-21651Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.
CVE-2025-21650Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fet
CVE-2025-21649Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp
CVE-2025-21646Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/a
CVE-2025-21645Jan 19, 2025
affected < 6.4.0-150600.8.26.1fixed 6.4.0-150600.8.26.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise "wake_depth" for this IRQ will try
CVE-2025-21637Jan 19, 2025
affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting

Page 77 of 189