AZL-53606 CVE-2024-50302 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

CVE-2024-50302 HID: core: zero-initialize the report buffer

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

CVE-2024-50302

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

CVE-2024-50302 HID: core: zero-initialize the report buffer

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via...

CVE-2024-50302

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let’s zero-initialize it during allocation to make sure that it can’t be ever used to leak kernel memory via...

kernel: nbd: always initialize struct msghdr completely

In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg-msggetinq value can be uninitialized 1 struct msghdr got many new fields recently, we should always make sure their values is zero by default. 1 BUG: KMSAN...

kernel: nvmet: always initialize cqe.result

In the Linux kernel, the following vulnerability has been resolved: nvmet: always initialize cqe.result The spec doesn't mandate that the first two double words aka results for the command queue entry need to be set to 0 when they are not used not specified. Though, the target implemention return...

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snduna: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

SUSE CVE-2024-49900

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

CVE-2024-49892

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize getbytesperelement's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytesperelementy & bytesperelementc are initialized by getbytesperelement whic...

CVE-2024-46816 drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpudm initialize when link nums greater than maxlinks Why Coverity report OVERRUN warning. There are only maxlinks elements within dc-links. link count could up to AMDGPUDMMAXDISPLAYINDEX 31. How Make sur...

kernel: usb-storage: alauda: Check whether the media is initialized

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alaudainfo will remain 0 if alaudainitmedia fails, potentially causing divide errors in alaudareaddata and alaudawritelba. - Add a membe...

block: initialize integrity buffer to zero before writing it to media

...

SUSE CVE-2024-43873

In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacketallow There are two issues around seqpacketallow: 1. seqpacketallow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if...

CVE-2024-42312

CVE-2024-42312 relates to the Linux kernel vulnerability where sysctl did not consistently initialize i_uid/i_gid. The resolution initializes i_uid/i_gid inside the sysfs core so that set_ownership() can safely skip setting them. The change is documented as part of commit 5ec27ec735ba, which fixe...

CVE-2024-42283 net: nexthop: Initialize all fields in dumped nexthops

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

CVE-2024-42283 net: nexthop: Initialize all fields in dumped nexthops

In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthopgrp contains two reserved fields that are not initialized by nlaputnhgroup, and carry garbage. This can be observed e.g. with strace edited for clarity: ip...

SUSE CVE-2024-41059

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copyname syzbot reported BUG: KMSAN: uninit-value in sizedstrscpy+0xc4/0x160 sizedstrscpy+0xc4/0x160 copyname+0x2af/0x320 fs/hfsplus/xattr.c:411 hfspluslistxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750...

DEBIAN-CVE-2024-42228

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value size when calling amdgpuvcecsreloc Initialize the size before calling amdgpuvcecsreloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate...

CVE-2024-42113

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize numqvectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx-numqvectors is uninitialized. Thus there will be kernel panic in wxallocqvectors to allocate queue vectors...