VYPR

rpm package

suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP6

pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6

Vulnerabilities (3,769)

  • CVE-2024-53156Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255

  • CVE-2024-53155Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read

  • CVE-2024-53154Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error.

  • CVE-2024-53151Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static c

  • CVE-2024-53150KEVDec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provid

  • CVE-2024-53148Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with

  • CVE-2024-53147Dec 24, 2024
    affected < 6.4.0-150600.8.31.1fixed 6.4.0-150600.8.31.1

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system co

  • CVE-2024-53146Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that

  • CVE-2024-53241Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparati

  • CVE-2024-53240Dec 24, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt t

  • CVE-2024-53144Dec 17, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always requ

  • CVE-2024-53142Dec 6, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALG

  • CVE-2024-53141Dec 6, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check f

  • CVE-2024-53140Dec 4, 2024
    affected < 6.4.0-150600.8.34.1fixed 6.4.0-150600.8.34.1

    In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual

  • CVE-2024-53139Dec 4, 2024
    affected < 6.4.0-150600.8.37.1fixed 6.4.0-150600.8.37.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ==

  • CVE-2024-53138Dec 4, 2024
    affected < 6.4.0-150600.8.20.1fixed 6.4.0-150600.8.20.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resy

  • CVE-2024-53136Dec 4, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. A

  • CVE-2024-53135Dec 4, 2024
    affected < 6.4.0-150600.8.40.1fixed 6.4.0-150600.8.40.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROK

  • CVE-2024-53134Dec 4, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic.

  • CVE-2024-53133Dec 4, 2024
    affected < 6.4.0-150600.8.23.1fixed 6.4.0-150600.8.23.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_s

Page 92 of 189