rpm package

opensuse/kernel-default&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.3

Vulnerabilities (340)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2021-26341	—		< 4.12.14-150100.197.117.1	4.12.14-150100.197.117.1	Mar 11, 2022	Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVE-2022-0001	—		< 5.3.18-150300.59.54.1	5.3.18-150300.59.54.1	Mar 11, 2022	Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-23042	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-0516	—		< 5.3.18-150300.59.54.1	5.3.18-150300.59.54.1	Mar 8, 2022	A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri
CVE-2021-3739	—		< 5.3.18-59.24.1	5.3.18-59.24.1	Mar 7, 2022	A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat fr
CVE-2021-3732	—		< 5.3.18-59.24.1	5.3.18-59.24.1	Mar 7, 2022	A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2022-0847	—	KEV	< 5.3.18-150300.59.54.1	5.3.18-150300.59.54.1	Mar 7, 2022	A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to
CVE-2022-26490	—		< 4.12.14-150100.197.111.1	4.12.14-150100.197.111.1	Mar 6, 2022	st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2021-3656	—		< 5.3.18-59.24.1	5.3.18-59.24.1	Mar 4, 2022	A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue c
CVE-2021-3428	—		< 5.3.18-59.5.2	5.3.18-59.5.2	Mar 4, 2022	A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a sy
CVE-2021-3744	—		< 5.3.18-59.27.1	5.3.18-59.27.1	Mar 4, 2022	A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3743	—		< 5.3.18-59.24.1	5.3.18-59.24.1	Mar 4, 2022	An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
CVE-2021-3640	—		< 5.3.18-59.24.1	5.3.18-59.24.1	Mar 3, 2022	A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
CVE-2021-4002	—		< 5.3.18-59.40.1	5.3.18-59.40.1	Mar 3, 2022	A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized acces

CVE-2021-26341Mar 11, 2022
affected < 4.12.14-150100.197.117.1fixed 4.12.14-150100.197.117.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVE-2022-0001Mar 11, 2022
affected < 5.3.18-150300.59.54.1fixed 5.3.18-150300.59.54.1
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-23042Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036Mar 10, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-0516Mar 8, 2022
affected < 5.3.18-150300.59.54.1fixed 5.3.18-150300.59.54.1
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri
CVE-2021-3739Mar 7, 2022
affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat fr
CVE-2021-3732Mar 7, 2022
affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2022-0847KEVMar 7, 2022
affected < 5.3.18-150300.59.54.1fixed 5.3.18-150300.59.54.1
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to
CVE-2022-26490Mar 6, 2022
affected < 4.12.14-150100.197.111.1fixed 4.12.14-150100.197.111.1
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2021-3656Mar 4, 2022
affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue c
CVE-2021-3428Mar 4, 2022
affected < 5.3.18-59.5.2fixed 5.3.18-59.5.2
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a sy
CVE-2021-3744Mar 4, 2022
affected < 5.3.18-59.27.1fixed 5.3.18-59.27.1
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3743Mar 4, 2022
affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
CVE-2021-3640Mar 3, 2022
affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
CVE-2021-4002Mar 3, 2022
affected < 5.3.18-59.40.1fixed 5.3.18-59.40.1
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized acces

Page 9 of 17