OESA-2024-1861 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smbinheritdacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...

ALSA-2024:4583 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TIPC message reassembly use-after-free remote code execution vulnerability CVE-2024-36886 kernel: ethernet: hisilicon: hns: hnsdsafmisc: fix a possible array overflow in hnsdsafgesrstbypo...

UBUNTU-CVE-2022-48839

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packetrecvmsg syzbot found that when an AFPACKET socket is using PACKETCOPYTHRESH and mmap operations, tpacketrcv is queueing skbs with garbage in skb-cb, triggering a too big copy 1...

RXSA-2024:4211 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number...

OESA-2024-1839 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Fix DSP oops stack dump output contents Fix @buf arg given to hexdumptobuffer and stack address used in dump error output.CVE-2021-47381 In the Linux...

OESA-2024-1836 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platformdata. The following log reveals it:...

CVE-2024-39489

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6hmacinitalgo seg6hmacinitalgo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6hmacexit to only free the memory...

CVE-2024-23697

In RGXCreateHWRTDataaux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

kernel: usbnet: sanity check for maxpacket

In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues...

ALSA-2024:4262 Moderate: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: kernel: Reserved fields in guest message responses may not be zero initialized CVE-2023-31346 For more details about the security issues, including the impact, a CVSS...

kernel: octeontx2-af: avoid off-by-one read from userspace

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdupuserbuffer, count + 1. However, the userspace only provides buffer of count bytes and only these count bytes are verifie...

SUSE-SU-2024:2203-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system bsc1209657. - CVE-2023-52434: Fixed potential OOBs in...

DEBIAN-CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

AZL-42847 CVE-2024-38662 affecting package kernel for versions less than 6.6.35.1-4

In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a mapdelete on a...

CVE-2024-39277 dma-mapping: benchmark: handle NUMA_NO_NODE correctly

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMANONODE correctly cpumaskofnode can be called for NUMANONODE inside domapbenchmark resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...

CVE-2022-48762

In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix loadunalignedzeropad reg indices In exhandlerloadunalignedzeropad we erroneously extract the data and addr register indices from ex-type rather than ex-data. As ex-type will contain EXTYPELOADUNALIGNEDZEROPAD...

CVE-2022-48764 KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2}

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Free kvmcpuidentry2 array on post-KVMRUN KVMSETCPUID,2 Free the "struct kvmcpuidentry2" array on successful post-KVMRUN KVMSETCPUID,2 to fix a memory leak, the callers of kvmsetcpuid free the array only on failure. BUG:...

CVE-2022-48729 IB/hfi1: Fix panic with larger ipoib send_queue_size

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix panic with larger ipoib sendqueuesize When the ipoib sendqueuesize is increased from the default the following panic happens: RIP: 0010:hfi1ipoibdraintxring+0x45/0xf0 hfi1 Code: 31 e4 eb 0f 8b 85 c8 02 00 00 41 83 c4...

CVE-2022-48726

In the Linux kernel, the following vulnerability has been resolved: RDMA/ucma: Protect mc during concurrent multicast leaves Partially revert the commit mentioned in the Fixes line to make sure that allocation and erasing multicast struct are locked. BUG: KASAN: use-after-free in...