rpm package
suse/kgraft-patch-SLE12-SP5_Update_57&distro=SUSE Linux Enterprise Live Patching 12 SP5
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_57&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
Vulnerabilities (223)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26828 | — | < 1-8.3.1 | 1-8.3.1 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b | ||
| CVE-2021-47188 | Med | 5.5 | < 1-8.3.1 | 1-8.3.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queu | |
| CVE-2021-47206 | — | < 1-8.3.1 | 1-8.3.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | ||
| CVE-2024-26791 | — | < 1-8.3.1 | 1-8.3.1 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bou | ||
| CVE-2024-26775 | — | < 1-8.3.1 | 1-8.3.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 | ||
| CVE-2024-26752 | — | < 1-8.3.1 | 1-8.3.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, | ||
| CVE-2024-26739 | — | < 1-8.3.1 | 1-8.3.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod | ||
| CVE-2021-47171 | — | < 1-8.3.1 | 1-8.3.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall | ||
| CVE-2021-47162 | — | < 1-8.3.1 | 1-8.3.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_co | ||
| CVE-2021-47131 | — | < 1-8.3.1 | 1-8.3.1 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socke | ||
| CVE-2021-47113 | — | < 1-8.3.1 | 1-8.3.1 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because | ||
| CVE-2024-26625 | — | < 1-8.3.1 | 1-8.3.1 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after cal | ||
| CVE-2023-52591 | — | < 1-8.3.1 | 1-8.3.1 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if | ||
| CVE-2023-52586 | — | < 1-8.3.1 | 1-8.3.1 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registe | ||
| CVE-2023-52527 | — | < 1-8.3.1 | 1-8.3.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) wh | ||
| CVE-2021-47074 | — | < 1-8.3.1 | 1-8.3.1 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label. | ||
| CVE-2021-46955 | — | < 1-8.3.1 | 1-8.3.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN | ||
| CVE-2021-46933 | — | < 1-8.3.1 | 1-8.3.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou | ||
| CVE-2024-0639 | — | < 1-8.3.1 | 1-8.3.1 | Jan 17, 2024 | A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. | ||
| CVE-2023-47233 | Med | 4.3 | < 1-8.3.1 | 1-8.3.1 | Nov 3, 2023 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is r |
- CVE-2024-26828Apr 17, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b
- affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queu
- CVE-2021-47206Apr 10, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
- CVE-2024-26791Apr 4, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bou
- CVE-2024-26775Apr 3, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1
- CVE-2024-26752Apr 3, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this,
- CVE-2024-26739Apr 3, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod
- CVE-2021-47171Mar 25, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall
- CVE-2021-47162Mar 25, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as this skb was created by pskb_co
- CVE-2021-47131Mar 15, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socke
- CVE-2021-47113Mar 15, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because
- CVE-2024-26625Mar 6, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after cal
- CVE-2023-52591Mar 6, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if
- CVE-2023-52586Mar 6, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registe
- CVE-2023-52527Mar 2, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() Including the transhdrlen in length is a problem when the packet is partially filled (e.g. something like send(MSG_MORE) happened previously) wh
- CVE-2021-47074Mar 1, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label.
- CVE-2021-46955Feb 27, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN
- CVE-2021-46933Feb 27, 2024affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou
- CVE-2024-0639Jan 17, 2024affected < 1-8.3.1fixed 1-8.3.1
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
- affected < 1-8.3.1fixed 1-8.3.1
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is r
Page 11 of 12