rpm package

opensuse/kernel-default&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.4

Vulnerabilities (357)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-3114	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
CVE-2022-3113	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
CVE-2022-3112	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3111	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
CVE-2022-3108	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3106	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
CVE-2022-3105	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
CVE-2022-3104	—	< 5.14.21-150400.24.41.1	5.14.21-150400.24.41.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
CVE-2022-42329	—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328	—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643	—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-4269	—	< 5.14.21-150400.24.66.1	5.14.21-150400.24.66.1	Dec 5, 2022	A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
CVE-2022-45869	—	< 5.14.21-150400.24.38.1	5.14.21-150400.24.38.1	Nov 30, 2022	A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
CVE-2022-4129	—	< 5.14.21-150400.24.38.1	5.14.21-150400.24.38.1	Nov 28, 2022	A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45934	—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45919	—	< 4.12.14-150100.197.148.1	4.12.14-150100.197.148.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45888	—	< 5.14.21-150400.24.38.1	5.14.21-150400.24.38.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45887	—	< 4.12.14-150100.197.148.1	4.12.14-150100.197.148.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886	—	< 4.12.14-150100.197.148.1	4.12.14-150100.197.148.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

CVE-2022-3114Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
CVE-2022-3113Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
CVE-2022-3112Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3111Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
CVE-2022-3108Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3106Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
CVE-2022-3105Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
CVE-2022-3104Dec 14, 2022
affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
CVE-2022-42329Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-4269Dec 5, 2022
affected < 5.14.21-150400.24.66.1fixed 5.14.21-150400.24.66.1
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
CVE-2022-45869Nov 30, 2022
affected < 5.14.21-150400.24.38.1fixed 5.14.21-150400.24.38.1
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
CVE-2022-4129Nov 28, 2022
affected < 5.14.21-150400.24.38.1fixed 5.14.21-150400.24.38.1
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45934Nov 27, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45919Nov 27, 2022
affected < 4.12.14-150100.197.148.1fixed 4.12.14-150100.197.148.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45888Nov 25, 2022
affected < 5.14.21-150400.24.38.1fixed 5.14.21-150400.24.38.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
CVE-2022-45887Nov 25, 2022
affected < 4.12.14-150100.197.148.1fixed 4.12.14-150100.197.148.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886Nov 25, 2022
affected < 4.12.14-150100.197.148.1fixed 4.12.14-150100.197.148.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

Page 10 of 18