rpm package

opensuse/kernel-azure&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.3

Vulnerabilities (319)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-42739	—	< 5.3.18-38.28.2	5.3.18-38.28.2	Oct 20, 2021	The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2021-42252	—	< 5.3.18-38.28.2	5.3.18-38.28.2	Oct 11, 2021	An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1
CVE-2021-42008	—	< 5.3.18-38.28.2	5.3.18-38.28.2	Oct 4, 2021	The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2021-41864	—	< 5.3.18-38.28.2	5.3.18-38.28.2	Oct 1, 2021	prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-3653	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Sep 29, 2021	A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue co
CVE-2021-40490	—	< 5.3.18-38.25.2	5.3.18-38.25.2	Sep 3, 2021	A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-21781	—	< 5.3.18-38.17.1	5.3.18-38.17.1	Aug 18, 2021	An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An
CVE-2021-3573	—	< 5.3.18-38.11.1	5.3.18-38.11.1	Aug 13, 2021	A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blackl
CVE-2021-38198	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38204	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-38205	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-38206	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
CVE-2021-38207	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
CVE-2021-38208	—	< 5.3.18-150300.38.56.1	5.3.18-150300.38.56.1	Aug 8, 2021	net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
CVE-2021-38209	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 8, 2021	net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS
CVE-2021-38166	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 7, 2021	In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2021-38160	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 7, 2021	In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any ex
CVE-2021-3655	—	< 5.3.18-38.28.2	5.3.18-38.28.2	Aug 5, 2021	A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-3679	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 5, 2021	A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causin
CVE-2021-34556	—	< 5.3.18-38.22.2	5.3.18-38.22.2	Aug 2, 2021	In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

CVE-2021-42739Oct 20, 2021
affected < 5.3.18-38.28.2fixed 5.3.18-38.28.2
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
CVE-2021-42252Oct 11, 2021
affected < 5.3.18-38.28.2fixed 5.3.18-38.28.2
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1
CVE-2021-42008Oct 4, 2021
affected < 5.3.18-38.28.2fixed 5.3.18-38.28.2
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
CVE-2021-41864Oct 1, 2021
affected < 5.3.18-38.28.2fixed 5.3.18-38.28.2
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
CVE-2021-3653Sep 29, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue co
CVE-2021-40490Sep 3, 2021
affected < 5.3.18-38.25.2fixed 5.3.18-38.25.2
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVE-2021-21781Aug 18, 2021
affected < 5.3.18-38.17.1fixed 5.3.18-38.17.1
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An
CVE-2021-3573Aug 13, 2021
affected < 5.3.18-38.11.1fixed 5.3.18-38.11.1
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blackl
CVE-2021-38198Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.
CVE-2021-38204Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.
CVE-2021-38205Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer).
CVE-2021-38206Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is used, allows attackers to cause a denial of service (NULL pointer dereference in the radiotap parser) by injecting a frame with 802.11a rates.
CVE-2021-38207Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
CVE-2021-38208Aug 8, 2021
affected < 5.3.18-150300.38.56.1fixed 5.3.18-150300.38.56.1
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
CVE-2021-38209Aug 8, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS
CVE-2021-38166Aug 7, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2021-38160Aug 7, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any ex
CVE-2021-3655Aug 5, 2021
affected < 5.3.18-38.28.2fixed 5.3.18-38.28.2
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-3679Aug 5, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causin
CVE-2021-34556Aug 2, 2021
affected < 5.3.18-38.22.2fixed 5.3.18-38.22.2
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

Page 12 of 16