AZL-53762 CVE-2024-50299 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctpsfootb A size validation fix similar to that in Commit 50619dbf8db7 "sctp: add size validation when walking chunks" is also required in sctpsfootb to address a crash reported by syzbot:...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-073)

The version of kernel installed on the remote host is prior to 5.10.210-201.855. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-073 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize...

AZL-53051 CVE-2024-50245 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in miread Mutex lock with another subclass used in nilockdir...

CVE-2024-49870 affecting package kernel for versions less than 6.6.57.1-2

CVE-2024-49870 affecting package kernel for versions less than 6.6.57.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2024-47671 affecting package kernel for versions less than 6.6.56.1-5

CVE-2024-47671 affecting package kernel for versions less than 6.6.56.1-5. An upgraded version of the package is available that resolves this issue...

CVE-2024-49973 affecting package kernel for versions less than 6.6.57.1-2

CVE-2024-49973 affecting package kernel for versions less than 6.6.57.1-2. An upgraded version of the package is available that resolves this issue...

CVE-2024-47706 affecting package kernel for versions less than 6.6.56.1-5

CVE-2024-47706 affecting package kernel for versions less than 6.6.56.1-5. An upgraded version of the package is available that resolves this issue...

CVE-2024-50041 affecting package kernel for versions less than 6.6.57.1-1

CVE-2024-50041 affecting package kernel for versions less than 6.6.57.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-49861 affecting package kernel for versions less than 6.6.56.1-5

CVE-2024-49861 affecting package kernel for versions less than 6.6.56.1-5. An upgraded version of the package is available that resolves this issue...

AZL-53310 CVE-2024-50201 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder-possibleclones Include the encoder itself in its possibleclones bitmask. In the past nothing validated that drivers were populating possibleclones correctly, but that changed in commit 74d2aacbe840 "drm:...

AZL-52923 CVE-2024-50168 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: net/sun382586: fix potential memory leak in sun382586sendpacket The sun382586sendpacket returns NETDEVTXOK without freeing skb in case of skb-len being too long, add devkfreeskb to fix it...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-087)

The version of kernel installed on the remote host is prior to 5.4.284-198.382. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-087 advisory. In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc CVE-2024-46865...

Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...

AZL-52077 CVE-2024-50072 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below GP in 32-bit mode when dosemu software was executing vm86 system call: general protection fault: 0000 1 PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin...

AZL-52070 CVE-2024-50073 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Fix use-after-free in gsmcleanupmux BUG: KASAN: slab-use-after-free in gsmcleanupmux+0x77b/0x7b0 drivers/tty/ngsm.c:3160 ngsm Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc N...

AZL-50923 CVE-2024-50055 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API busregister For busregister, any error which happens after ksetregister will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free...

AZL-51551 CVE-2024-50031 affecting package kernel for versions less than 6.6.57.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running kmscube with one or more performance monitors enabled via GALLIUMHUD, the following kernel panic can occur: 55.008324 Unable to handle kernel paging request at...

AZL-51401 CVE-2024-50027 affecting package kernel for versions less than 6.6.64.2-9

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz-tzp may still be accessed after being freed in thermalzonedeviceunregister, so move the freeing of it to the point after the removal completion...

AZL-51372 CVE-2024-49982 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 "aoe: fix the potential use-after-free problem in aoecmdcfgpkts" makes tx calling devput instead of doing in aoecmdcfgpkts. It...

AZL-52281 CVE-2024-49965 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove unreasonable unlock in ocfs2readblocks Patch series "Misc fixes for ocfs2readblocks", v5. This series contains 2 fixes for ocfs2readblocks. The first patch fix the issue reported by syzbot, which detects bad unlock...