AZL-50188 CVE-2024-46842 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not handled in lpfcgetsfpinfo and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for...

kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout There is a race condition between l2capchantimeout and l2capchandel. When we use l2capchandel to delete the channel, the chan-conn will be set to null. But the conn could b...

SUSE CVE-2024-46718

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned to 1G VRAM chunk. v2: - Always use 2M pages for last chunk Fe...

SUSE CVE-2024-46750

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pcibuslock One of the true positives that the cfgaccesslock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pcibridgesecondarybusreset+0x5d/0x70 RIP:...

UBUNTU-CVE-2024-46744

In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in picklink" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason...

net/iucv: fix use after free in iucv_sock_close()

...

kernel: mm: cachestat: fix two shmem bugs

CVE-2024-35797 is a vulnerability in the Linux kernel’s memory management, specifically affecting the cachestat feature when handling shared memory. The flaw stems from race conditions during operations like swapping or invalidation, which can lead to out-of-bounds memory access or invalid pointe...

CVE-2024-44993

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix out-of-bounds read in v3dcsdjobrun When enabling UBSAN on Raspberry Pi 5, we get the following warning: 387.894977 UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3dsched.c:320:3 387.903868 index 7 is out of...

DEBIAN-CVE-2024-44987

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6sendskb syzbot reported an UAF in ip6sendskb 1 After ip6localout has returned, we no longer can safely dereference rt, unless we hold rcureadlock. A similar issue has been fixed in commit a688caa34beb "ipv...

kernel: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

In the Linux kernel, the following vulnerability has been resolved: afunix: Fix data races in unixreleasesock/unixstreamsendmsg A data-race condition has been identified in afunix. In one data path, the write function unixreleasesock atomically writes to sk-skshutdown using WRITEONCE. However, on...

AZL-49111 CVE-2024-44938 affecting package kernel for versions less than 5.15.182.1-1

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2 returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shif...

UBUNTU-CVE-2024-44933

In the Linux kernel, the following vulnerability has been resolved: bnxten : Fix memory out-of-bounds in bnxtfillhwrsstbl A recent commit has modified the code in bnxtreserverings to set the default RSS indirection table to default only when the number of RX rings is changing. While this works fo...

DEBIAN-CVE-2022-48939

In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcubarrier Nothing prevents batch ops to...

SUSE CVE-2022-48888

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msmmdssparsedatabusiccpath oficcget alloc resources for path1, we should release it when not need anymore. Early return when ISERRORNULLpath0 may leak path1. Defer getting path1 to fix this...

UBUNTU-CVE-2022-48877

In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extenttree is not created This patch avoids the below panic. pc : lookupextenttree+0xd8/0x760 lr : f2fsdowritedatapage+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27:...

DEBIAN-CVE-2024-43872

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH...

AZL-48056 CVE-2024-43857 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed by isendzoneblkaddr that checks the last block of a zone when f2fs is mounted as a single device...

DEBIAN-CVE-2024-43851

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpunumber1 to dummycpunumber The per cpu variable cpunumber1 is passed to xlnxeventhandler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...

CVE-2024-43851

In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpunumber1 to dummycpunumber The per cpu variable cpunumber1 is passed to xlnxeventhandler as argument "devid", but it is not used in this function. So drop the initialization of this variable and rename it to...

DEBIAN-CVE-2024-42315

In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on exfatgetdentryset When accessing a file with more entries than ESMAXENTRYNUM, the bh-array is allocated in exfatgetentryset. The problem is that the bh-array is allocated with GFPKERNEL. It does n...