Important: kernel-livepatch-5.10.223-211.872

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 Affected Packages: kernel-livepatch-5.10.223-211.872 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-5.10.224-212.876

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 Affected Packages: kernel-livepatch-5.10.224-212.876 Issue Correction: Please ensure you have live patching enabled. Run yum update...

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3566-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3566-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

CLSA-2024-1728297376 kernel: Fix of 13 CVEs

btrfs: fix use-after-free after failure to create a snapshot CVE-2022-48733 - hwmon: nct6775-core Fix underflows seen when writing limit attributes CVE-2024-46757 - wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - netfilter: conntrack: dccp: copy entire...

CLSA-2024-1727352561 kernel: Fix of 19 CVEs

tipc: Return non-zero value from tipcudpaddr2str on error CVE-2024-42284 - dev/parport: fix the array out-of-bounds risk CVE-2024-42301 - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs CVE-2024-42285 - scsi: aacraid: Fix double-free on probe failure CVE-2024-46673 - ipv6: prevent...

CLSA-2024-1727167500 kernel: Fix of 11 CVEs

wifi: mac80211: Avoid address calculations via out of bounds array indexing CVE-2024-41071 - bnx2x: Fix multiple UBSAN array-index-out-of-bounds CVE-2024-42148 - exec: Fix ToCToU between perm check and set-uid/gid usage CVE-2024-43882 - scsi: aacraid: Fix double-free on probe failure...

SUSE CVE-2024-46673

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter. If aacinitadapter fails after...

AZL-49251 CVE-2024-46673 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aacprobeone calls hardware-specific init functions through the aacdriverident::init pointer, all of which eventually call down to aacinitadapter. If aacinitadapter fails after...

CVE-2016-6480

Race condition in the ioctlsendfib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service out-of-bounds access or system crash by changing a certain size value, aka a "double fetch" vulnerability...

CVE-2013-6383

The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...