SUSE CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipcmsgvalidate As the call trace shows, the original skb was freed in tipcmsgvalidate, and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...

SUSE CVE-2024-50020

In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper handling of refcount in icesriovsetmsixveccount This patch addresses an issue with improper reference count handling in the icesriovsetmsixveccount function. First, the function calls icegetvfbyid, which...

SUSE CVE-2024-50041

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to macfilterhash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi-macfilterhash. The leak occurs when multiple threads attempt to modif...

AZL-53741 CVE-2024-50063 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one...

DEBIAN-CVE-2022-49017

In the Linux kernel, the following vulnerability has been resolved: tipc: re-fetch skb cb after tipcmsgvalidate As the call trace shows, the original skb was freed in tipcmsgvalidate, and dereferencing the old skb cb would cause an use-after-free crash. BUG: KASAN: use-after-free in...

AZL-51372 CVE-2024-49982 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 "aoe: fix the potential use-after-free problem in aoecmdcfgpkts" makes tx calling devput instead of doing in aoecmdcfgpkts. It...

DEBIAN-CVE-2024-49905

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for 'afb' in amdgpudmplanehandlecursorupdate v2 This commit adds a null check for the 'afb' variable in the amdgpudmplanehandlecursorupdate function. Previously, 'afb' was assumed to be null, but w...

UBUNTU-CVE-2024-49884

In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4splitextentat We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4splitextentat+0xba8/0xcc0 Read of...

CVE-2024-47711

In the Linux kernel, the following vulnerability has been resolved: afunix: Don't return OOB skb in manageoob. syzbot reported use-after-free in unixstreamrecvurg. 0 The scenario is 1. sendMSGOOB 2. recvMSGOOB - The consumed OOB remains in recv queue 3. sendMSGOOB 4. recv - manageoob returns...

AZL-50709 CVE-2024-49856 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search When the current node doesn't have an EPC section configured by firmware and all other EPC sections are used up, CPU can get stuck inside the while loop that looks for an available EP...

AZL-50842 CVE-2024-47699 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfsbtreeinsert Patch series "nilfs2: fix potential issues with empty b-tree nodes". This series addresses three potential issues with empty b-tree nodes that can occur with corrupted...

AZL-50716 CVE-2024-47678 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1 host wide ratelimit icmpglobalallow 2 Per destination ratelimit inetpeer based In...

Security update for the Linux Kernel (Live Patch 44 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059161 fixes several issues. The following security issues were fixed: CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651...

drm/amd/pm: Fix negative array index read

...

ipv6: prevent possible UAF in ip6_xmit()

...

Important; Unbreakable Enterprise kernel security update

4.1.12-124.90.3.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37132352...

AZL-50188 CVE-2024-46842 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not handled in lpfcgetsfpinfo and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for...

kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2capchantimeout There is a race condition between l2capchantimeout and l2capchandel. When we use l2capchandel to delete the channel, the chan-conn will be set to null. But the conn could b...

SUSE CVE-2024-46718

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned to 1G VRAM chunk. v2: - Always use 2M pages for last chunk Fe...

SUSE CVE-2024-46750

In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pcibuslock One of the true positives that the cfgaccesslock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pcibridgesecondarybusreset+0x5d/0x70 RIP:...