rpm package
opensuse/kernel-debug&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.4
Vulnerabilities (357)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1882 | — | < 5.14.21-150400.24.33.2 | 5.14.21-150400.24.33.2 | May 26, 2022 | A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on t | ||
| CVE-2022-1734 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | May 18, 2022 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | ||
| CVE-2022-29581 | — | < 5.14.21-150400.24.18.1 | 5.14.21-150400.24.18.1 | May 17, 2022 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | ||
| CVE-2022-1679 | — | < 4.12.14-150100.197.117.1 | 4.12.14-150100.197.117.1 | May 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2021-33135 | — | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | May 12, 2022 | Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2022-30594 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | May 12, 2022 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||
| CVE-2022-20008 | — | < 4.12.14-150100.197.126.1 | 4.12.14-150100.197.126.1 | May 10, 2022 | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no | ||
| CVE-2022-1516 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | May 5, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s | ||
| CVE-2022-1353 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Apr 29, 2022 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | ||
| CVE-2022-29582 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Apr 22, 2022 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | ||
| CVE-2022-28356 | — | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | Apr 2, 2022 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | ||
| CVE-2022-0494 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Mar 25, 2022 | A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | ||
| CVE-2021-4157 | — | < 4.12.14-150100.197.117.1 | 4.12.14-150100.197.117.1 | Mar 25, 2022 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg | ||
| CVE-2021-4203 | — | < 4.12.14-150100.197.123.1 | 4.12.14-150100.197.123.1 | Mar 25, 2022 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | ||
| CVE-2022-1011 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||
| CVE-2021-39711 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Mar 16, 2022 | In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android k | ||
| CVE-2021-26341 | — | < 4.12.14-150100.197.117.1 | 4.12.14-150100.197.117.1 | Mar 11, 2022 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||
| CVE-2022-26490 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Mar 6, 2022 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | ||
| CVE-2020-36516 | — | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2021-20321 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Feb 18, 2022 | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. |
- CVE-2022-1882May 26, 2022affected < 5.14.21-150400.24.33.2fixed 5.14.21-150400.24.33.2
A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on t
- CVE-2022-1734May 18, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- CVE-2022-29581May 17, 2022affected < 5.14.21-150400.24.18.1fixed 5.14.21-150400.24.18.1
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
- CVE-2022-1679May 16, 2022affected < 4.12.14-150100.197.117.1fixed 4.12.14-150100.197.117.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2021-33135May 12, 2022affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2022-30594May 12, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- CVE-2022-20008May 10, 2022affected < 4.12.14-150100.197.126.1fixed 4.12.14-150100.197.126.1
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
- CVE-2022-1516May 5, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
- CVE-2022-1353Apr 29, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
- CVE-2022-29582Apr 22, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
- CVE-2022-28356Apr 2, 2022affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
- CVE-2022-0494Mar 25, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
- CVE-2021-4157Mar 25, 2022affected < 4.12.14-150100.197.117.1fixed 4.12.14-150100.197.117.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
- CVE-2021-4203Mar 25, 2022affected < 4.12.14-150100.197.123.1fixed 4.12.14-150100.197.123.1
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
- CVE-2022-1011Mar 18, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- CVE-2021-39711Mar 16, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android k
- CVE-2021-26341Mar 11, 2022affected < 4.12.14-150100.197.117.1fixed 4.12.14-150100.197.117.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
- CVE-2022-26490Mar 6, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
- CVE-2020-36516Feb 26, 2022affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2021-20321Feb 18, 2022affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
Page 17 of 18