rpm package
opensuse/kernel-azure&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.4
Vulnerabilities (315)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2177 | — | < 5.14.21-150400.14.69.1 | 5.14.21-150400.14.69.1 | Apr 20, 2023 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a | ||
| CVE-2023-2176 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 20, 2023 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | ||
| CVE-2023-28328 | — | < 5.14.21-150400.14.40.1 | 5.14.21-150400.14.40.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-28327 | — | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | ||
| CVE-2023-2166 | — | < 5.14.21-150400.14.63.1 | 5.14.21-150400.14.63.1 | Apr 19, 2023 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | ||
| CVE-2023-2162 | — | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-1382 | — | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 19, 2023 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | ||
| CVE-2023-30772 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 16, 2023 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | ||
| CVE-2023-2008 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 14, 2023 | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this v | ||
| CVE-2023-1829 | — | < 5.14.21-150400.14.55.1 | 5.14.21-150400.14.55.1 | Apr 12, 2023 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc | ||
| CVE-2023-1990 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | ||
| CVE-2023-1989 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 11, 2023 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | ||
| CVE-2023-30456 | — | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 10, 2023 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | ||
| CVE-2023-1855 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 5, 2023 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info | ||
| CVE-2023-1838 | — | < 5.14.21-150400.14.46.1 | 5.14.21-150400.14.46.1 | Apr 5, 2023 | A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. | ||
| CVE-2023-1582 | — | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Apr 5, 2023 | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | ||
| CVE-2023-1611 | — | < 5.14.21-150400.14.46.1 | 5.14.21-150400.14.46.1 | Apr 3, 2023 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | ||
| CVE-2023-28464 | — | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Mar 31, 2023 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||
| CVE-2023-1670 | — | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Mar 30, 2023 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2022-4744 | — | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Mar 30, 2023 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the |
- CVE-2023-2177Apr 20, 2023affected < 5.14.21-150400.14.69.1fixed 5.14.21-150400.14.69.1
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a
- CVE-2023-2176Apr 20, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
- CVE-2023-28328Apr 19, 2023affected < 5.14.21-150400.14.40.1fixed 5.14.21-150400.14.40.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-28327Apr 19, 2023affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
- CVE-2023-2166Apr 19, 2023affected < 5.14.21-150400.14.63.1fixed 5.14.21-150400.14.63.1
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
- CVE-2023-2162Apr 19, 2023affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-1382Apr 19, 2023affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
- CVE-2023-30772Apr 16, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- CVE-2023-2008Apr 14, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this v
- CVE-2023-1829Apr 12, 2023affected < 5.14.21-150400.14.55.1fixed 5.14.21-150400.14.55.1
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
- CVE-2023-1990Apr 12, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- CVE-2023-1989Apr 11, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- CVE-2023-30456Apr 10, 2023affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
- CVE-2023-1855Apr 5, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info
- CVE-2023-1838Apr 5, 2023affected < 5.14.21-150400.14.46.1fixed 5.14.21-150400.14.46.1
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
- CVE-2023-1582Apr 5, 2023affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
- CVE-2023-1611Apr 3, 2023affected < 5.14.21-150400.14.46.1fixed 5.14.21-150400.14.46.1
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
- CVE-2023-28464Mar 31, 2023affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
- CVE-2023-1670Mar 30, 2023affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2022-4744Mar 30, 2023affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
Page 6 of 16