VYPR

rpm package

opensuse/kernel-debug&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.4

Vulnerabilities (357)

  • CVE-2022-0617Feb 16, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.

  • CVE-2021-44879Feb 13, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

  • CVE-2021-45402Feb 11, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

  • CVE-2021-33061Feb 9, 2022
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2022-0264Feb 4, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory deta

  • CVE-2022-23222Jan 14, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

  • CVE-2021-43389Nov 4, 2021
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

  • CVE-2021-38208Aug 8, 2021
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

  • CVE-2021-20292May 28, 2021
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the obje

  • CVE-2020-24588LowMay 11, 2021
    affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda

  • CVE-2020-26541Oct 2, 2020
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

  • CVE-2019-20811Jun 3, 2020
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

  • CVE-2019-19377Nov 29, 2019
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

  • CVE-2018-7755Mar 8, 2018
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

  • CVE-2017-5753Jan 4, 2018
    affected < 4.12.14-150100.197.142.1fixed 4.12.14-150100.197.142.1

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2016-3695MedDec 29, 2017
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

  • CVE-2017-13695MedAug 25, 2017
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis

Page 18 of 18