241 matches found
CVE-2024-50035
CVE-2024-50035 affects the Linux kernel PPP path, specifically a fault in ppp_async_encode() that can be triggered by a zero-size pppoe_sendmsg() followed by an empty skb, leading to a possible uninitialized access (KMSAN) in drivers/net/ppp/ppp_async.c. The issue was fixed in upstream Linux comm...
CVE-2024-50033
CVE-2024-50033 relates to the Linux kernel slip/slhc.c, where slhc_remember() failed to validate packets against malicious inputs. The issue allowed uninit reads due to insufficient checks on packet contents beyond a 20-byte minimum, risking exposure via PPP/SLIP processing when IPv4 and TCP head...
CVE-2024-50033 slip: make slhc_remember() more robust against malicious packets
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
CVE-2024-50033 slip: make slhc_remember() more robust against malicious packets
In the Linux kernel, the following vulnerability has been resolved: slip: make slhcremember more robust against malicious packets syzbot found that slhcremember was missing checks against malicious packets 1. slhcremember only checked the size of the packet was at least 20, which is not good...
CVE-2024-49900
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...
CVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_buffer
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...
CVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_buffer
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...
CVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_buffer
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...
CVE-2024-47685
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfrejectipv6: fix nfrejectip6tcphdrput syzbot reported that nfrejectip6tcphdrput was possibly sending garbage on the four reserved tcp bits th-res1 Use skbputzero to clear the whole TCP header, as done in...
SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP4) (SUSE-SU-2024:3643-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3643-1 advisory. This update for the Linux Kernel 5.14.21-1504002492 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed...
SUSE SLES15 Security Update : kernel (Live Patch 15 for SLE 15 SP5) (SUSE-SU-2024:3702-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3702-1 advisory. This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: - CVE-2024-36899: gpiolib:...
Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024125 fixes several issues. The following security issues were fixed: CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808 CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. Patch Instructions:...
SUSE-SU-2024:3702-1 Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails...
SUSE-SU-2024:3697-1 Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...
SUSE-SU-2024:3695-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...
SUSE-SU-2024:3687-1 Security update for the Linux Kernel (Live Patch 48 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122176 fixes several issues. The following security issues were fixed: - CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 bsc1226325...
SUSE-SU-2024:3651-1 Security update for the Linux Kernel (Live Patch 42 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-15030059153 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6nhflushexceptions bsc1227651. -...
SUSE-SU-2024:3643-1 Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-1504002492 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...
SUSE-SU-2024:3640-1 Security update for the Linux Kernel (Live Patch 50 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122183 fixes several issues. The following security issues were fixed: - CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 bsc1226325...
Security update for the Linux Kernel RT (Live Patch 17 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505001361 fixes several issues. The following security issues were fixed: CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails bsc1227808 CVE-2024-41059: hfsplus: fix uninit-value in copyname bsc1228573. CVE-2024-40909: bpf:...