59854 matches found
SUSE CVE-2024-36020
In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the...
SUSE CVE-2023-52784
In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat 1, the issue is that a lapbethe...
SUSE CVE-2023-52821
In the Linux kernel, the following vulnerability has been resolved: drm/panel: fix a possible null pointer dereference In versatilepanelgetmodes, the return value of drmmodeduplicate is assigned to mode, which will lead to a NULL pointer dereference on failure of drmmodeduplicate. Add a check to...
SUSE CVE-2023-52667
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fsanycreategroups When kcalloc for ft-g succeeds but kvzalloc for in fails, fsanycreategroups will free ft-g. However, its caller fsanycreatetable will free ft-g again through calling...
SUSE CVE-2023-52679
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in ofparsephandlewithargsmap In ofparsephandlewithargsmap the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired by the previous iteration of the inner loop. Thi...
SUSE CVE-2024-35800
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if getnextvariable is actually valid pointer before calling it. In kdump kernel this method is set to NULL that causes panic during the kexec-ed kernel boot. Tested with QEMU and OVMF firmware...
SUSE CVE-2024-35817
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgputtmgartbind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgputtmbackendunbind will not clear the gart page table entry and leave valid mapping entry pointing t...
SUSE CVE-2024-35831
In the Linux kernel, the following vulnerability has been resolved: iouring: Fix release of pinned pages when iouaddrmap fails Looking at the error path of iouaddrmap, if we fail after pinning the pages for any reasons, ret will be set to -EINVAL and the error handler won't properly release the...
SUSE CVE-2024-35895
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Prevent lock inversion deadlock in map delete elem syzkaller started using corpuses where a BPF tracing program deletes elements from a sockmap/sockhash map. Because BPF tracing programs can be invoked from any...
SUSE CVE-2024-35905
In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int...
SUSE CVE-2023-52661
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clkput in the error handling paths of tegradcrgbprobe If clkgetsys..., "plld2out0" fails, the clkgetsys call must be undone. Add the missing clkput and a new 'putplldout0' label in the error handling...
SUSE CVE-2024-27410
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...
SUSE CVE-2022-48694
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix drain SQ hang with no completion SW generated completions for outstanding WRs posted on SQ after QP is in error target the wrong CQ. This causes the ibdrainsq to hang with no completion. Fix this to generate...
SUSE CVE-2022-48705
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix crash in chip reset fail In case of drv own fail in reset, we may need to run macreset several times. The sequence would trigger system crash as the log below. Because we do not re-enable/schedule "txnapi...
SUSE CVE-2024-27012
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: restore set elements when delete set fails From abort path, nftmapelemactivate needs to restore refcounters to the original state. Currently, it uses the set-ops-walk to iterate over these set elements. The...
SUSE CVE-2024-26938
In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intelbiosencodersupportsdpdualmode If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We...
SUSE CVE-2024-27003
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clksummary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clksummary through debugfs. Failure to do so would result in a...
SUSE CVE-2024-26999
In the Linux kernel, the following vulnerability has been resolved: serial/pmaczilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmaczilog as ...
SUSE CVE-2024-27000
In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in serialcore expects the caller to hold uport-lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded ...
SUSE CVE-2024-27014
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv-statelock, any scheduled aRFS works are canceled using the cancelworksync function, which waits for the work to end if it has already started...
SUSE CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpgalloc In tpgalloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpgfree is...
SUSE CVE-2024-27389
In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only dinvalidate is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the comb...
SUSE CVE-2023-52645
In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and after that the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs i...
SUSE CVE-2024-26825
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rxdatareassembly skb on NCI device cleanup rxdatareassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet wit...
SUSE CVE-2024-3844
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...
SUSE CVE-2024-26839
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in initcreditreturn When dmaalloccoherent fails to allocate dd-crbasei.va, initcreditreturn should deallocate dd-crbase and dd-crbasei that allocated before. Or those resources would be never freed and a...
SUSE CVE-2021-47198
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfcunregrpi routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfcunregrpi+0x1b1b" The NLPREGLOGINSEND nlpflag is set in...
SUSE CVE-2024-26700
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm:...
SUSE CVE-2024-26814
In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfdctx trigger pointer of the vfiofslmcirq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself...
SUSE CVE-2024-26764
In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocbsetcancelfn to I/O submitted via libaio If kiocbsetcancelfn is called for I/O submitted via iouring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocbsetcancelfn+0x9c/0xa8...
SUSE CVE-2021-47181
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platformgetresource It will cause null-ptr-deref if platformgetresource returns NULL, we need check the return value...
SUSE CVE-2021-47184
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40EVSIRELEASING flag to signalize deleting and releasing of VSI resources to sync this thread with sy...
SUSE CVE-2024-26741
In the Linux kernel, the following vulnerability has been resolved: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after checkestalblished. syzkaller reported a warning 0 in inetcskdestroysock with no repro. WARNONinetsksk-inetnum && !inetcsksk-icskbindhash; However, the syzkaller's log...
SUSE CVE-2024-26722
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645jackdetectwork There is a path in rt5645jackdetectwork, where rt5645-jdmutex is left locked forever. That may lead to deadlock when rt5645jackdetectwork is called for the second time. Found by...
SUSE CVE-2023-45288
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
SUSE CVE-2024-26660
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'streamencregs' array is an array of dcn10streamencregisters structures. The array is initialized with four elements, corresponding to the four calls t...
SUSE CVE-2023-52621
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcureadlocktraceheld before calling bpf map helpers These three bpfmaplookup,update,deleteelem helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program,...
SUSE CVE-2024-2883
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2021-47149
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18xgethwinfo, if ioremap fails there will be NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure...
SUSE CVE-2021-47150
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fecenetinit If the memory allocated for cbdbase is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues...
SUSE CVE-2021-47113
In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in renameexchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a renameexchange. This happens because we insert the inode re...
SUSE CVE-2021-47114
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at...
SUSE CVE-2021-47105
In the Linux kernel, the following vulnerability has been resolved: ice: xsk: return xsk buffers back to pool when cleaning the ring Currently we only NULL the xdpbuff pointer in the internal SW ring but we never give it back to the xsk buffer pool. This means that buffers can be leaked out of th...
SUSE CVE-2023-52503
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdteeclosesession There is a potential race condition in amdteeclosesession that may cause use-after-free in amdteeopensession. For instance, if a session has refcount == 1, and o...
SUSE CVE-2021-47074
In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvmeloopcreatectrl When creating loop ctrl in nvmeloopcreatectrl, if nvmeinitctrl fails, the loop ctrl should be freed before jumping to the "out" label...
SUSE CVE-2023-52501
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not attempt to read past "commit" When iterating over the ring buffer while the ring buffer is active, the writer can corrupt the reader. There's barriers to help detect this and handle it, but that code missed th...
SUSE CVE-2023-52580
In the Linux kernel, the following vulnerability has been resolved: net/core: Fix ETHP1588 flow dissector When a PTP ethernet raw frame with a size of more than 256 bytes followed by a 0xff pattern is sent to skbflowdissect, nhoff value calculation is wrong. For example: hdr-messagelength takes t...
SUSE CVE-2021-46948
In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...
SUSE CVE-2021-46988
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUGON Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmemmfillatomicpte. We successfully account the blocks, we...
SUSE CVE-2021-47004
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...