VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_58&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_58&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (210)

  • CVE-2024-36880May 30, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer.

  • CVE-2024-36025May 30, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to preven

  • CVE-2024-36017May 30, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least o

  • CVE-2024-36016May 29, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - si

  • CVE-2023-52881May 29, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The

  • CVE-2024-36014May 29, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that

  • CVE-2021-47571May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.

  • CVE-2021-47566May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has

  • CVE-2021-47547May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy

  • CVE-2021-47544May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root ca

  • CVE-2021-47520May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call n

  • CVE-2021-47518May 24, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in d

  • CVE-2021-47498May 22, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updati

  • CVE-2021-47445May 22, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null pointer dereference on pointer edp The initialization of pointer dev dereferences pointer edp before edp is null checked, so there is a potential null pointer deference issue. Fix this by only

  • CVE-2021-47438May 22, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Inst

  • CVE-2021-47434May 22, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort a

  • CVE-2023-52737MedMay 21, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locks a file range in the inode's io tree. This however can lead to a deadlock if

  • CVE-2023-52855May 21, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():

  • CVE-2023-52845May 21, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in

  • CVE-2023-52843May 21, 2024
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header LLC reads the mac header with eth_hdr without verifying that the skb has an Ethernet header. Syzbot was able to enter llc_rcv on a tun device. Tun can insert packe

Page 6 of 11