Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref CVE-2024-26735 kernel: fs: sysfs: Fix reference leak in sysfsbreakactiveprotection CVE-2024-26993 For more details about the...

CVE-2021-47440

In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devmregmapinitencx24j600 devmregmapinit may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection...

CVE-2021-47279

In the Linux kernel, the following vulnerability has been resolved: usb: misc: brcmstb-usb-pinmap: check return value after calling platformgetresource It will cause null-ptr-deref if platformgetresource returns NULL, we need check the return value...

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...

CVE-2023-52782

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Ensure the skb is available in metadata mapping to skbs before tracking the metadata index for detecting undelivered CQEs. If the metadata index is put in t...

CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

CVE-2024-36011

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

CVE-2024-36011 Bluetooth: HCI: Fix potential null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

CVE-2024-36011

CVE-2024-36011 affects the Linux kernel where the Bluetooth HCI code could dereference a NULL pointer in hci_le_big_sync_established_evt(). The vulnerability is local (per CVSS vector: AV:L, AC:L, PR:L, UI:N) with a MEDIUM base score of 5.5 and an ADMIN/availability impact of HIGH. The connected ...

CVE-2024-36011 Bluetooth: HCI: Fix potential null-ptr-deref

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hcilebigsyncestablishedevt...

CVE-2021-47397

In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skbheaderpointer returns NULL in sctprcvootb We should always check if skbheaderpointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in rang...

CVE-2023-52866

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogicparamsugeev2initeventhooks When CONFIGHIDUCLOGIC=y and CONFIGKUNITALLTESTS=y, launch kernel and then the below user-memory-access bug occurs. In...

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...

CVE-2023-52782

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Ensure the skb is available in metadata mapping to skbs before tracking the metadata index for detecting undelivered CQEs. If the metadata index is put in t...

CVE-2023-52744

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference indevget can return NULL which will cause a failure once idev is dereferenced in indevforeachifartnl. This patch adds a check for NULL value in idev beforehand. Found by Linux...

CVE-2023-52806

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...

CVE-2023-52782

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Track xmit submission to PTP WQ after populating metadata map Ensure the skb is available in metadata mapping to skbs before tracking the metadata index for detecting undelivered CQEs. If the metadata index is put in t...

CVE-2023-52866

In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogicparamsugeev2initeventhooks When CONFIGHIDUCLOGIC=y and CONFIGKUNITALLTESTS=y, launch kernel and then the below user-memory-access bug occurs. In...

CVE-2023-52806

CVE-2023-52806 concerns the Linux kernel ALSA hda subsystem. The description in the initial document notes a possible NULL pointer dereference when an AudioDSP stream is assigned, specifically when a COUPLED stream is inadvertently accepted despite drivers using HOST or LINK types. The connected ...

CVE-2023-52806 ALSA: hda: Fix possible null-ptr-deref when assigning a stream

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance ma...