SUSE CVE-2021-47347

In the Linux kernel, the following vulnerability has been resolved: wl1251: Fix possible buffer overflow in wl1251cmdscan Function wl1251cmdscan calls memcpy without checking the length. Harden by checking the length is within the maximum allowed size...

DEBIAN-CVE-2024-36013

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2capconnect Extend a critical section to prevent chan from early freeing. Also make the l2capconnect return type void. Nothing is using the returned value but it is ugly to return a...

SUSE CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...

SUSE CVE-2023-52796

In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlanprocessv6outbound by moving the flowi6 struct used for the route lookup in an non...

SUSE CVE-2023-52803

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpcremovepipedir workqueue,which takes care about pipefs superblock locking. In some special scenarios, when kernel...

kernel: HID: intel-ish-hid: Fix kernel panic during warm reset

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix kernel panic during warm reset During warm reset device-fwclient is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel panic...

kernel: RDMA/cma: Allow UD qp_type to join multicast only

In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qptype to join multicast only As for multicast: - The SIDR is the only mode that makes sense; - Besides PSUDP, other port spaces like PSIB is also allowed, as it is UD compatible. In this case qkey also needs t...

DEBIAN-CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...

UBUNTU-CVE-2021-47482

In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadvncmeshfree. The problem was in wrong error handling in batadvmeshinit. Before this patch batadvmeshinit was calling batadvmeshfree in case of any...

DEBIAN-CVE-2023-52745

In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to ...

UBUNTU-CVE-2023-52807

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs The hns3 driver define an array of string to show the coalesce info, but if the kernel adds a new mode or a new state, out-of-bounds access may...

UBUNTU-CVE-2023-52761

In the Linux kernel, the following vulnerability has been resolved: riscv: VMAPSTACK overflow detection thread-safe commit 31da94c25aea "riscv: add VMAPSTACK overflow detection" added support for CONFIGVMAPSTACK. If overflow is detected, CPU switches to shadowstack temporarily before switching...

CVE-2023-52855 usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In dwc2hcdurbenqueue, "urb-hcpriv = NULL" is executed without holding the lock "hsotg-lock". In dwc2hcdurbdequeue: spinlockirqsave&hsotg-lock, flags;...

CVE-2021-47223

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference This patch fixes a tunneldst null pointer dereference due to lockless access in the tunnel egress path. When deleting a vlan tunnel the tunneldst pointer is set to NULL...

CVE-2021-47259

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...

UBUNTU-CVE-2021-47336

In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smksetcipso Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: PATCH smackfs: restrict byt...

CVE-2021-47379 blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd KASAN reports a use-after-free report when doing fuzz test: 693354.104835 ================================================================== 693354.105094 BUG:...

SUSE CVE-2024-27432

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtkppestop function, the PPE scan mode is not disabled before disabling the PPE. This can potentially le...

SUSE CVE-2024-35882

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. A bisect shows that commit e18e157bb5c8 "SUNRPC: Send RPC message on...

SUSE CVE-2024-35951

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrostmmumapfaultaddr Subject: PATCH drm/panfrost: Fix the error path in panfrostmmumapfaultaddr If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier,...