rpm package
opensuse/kernel-default&distro=openSUSE Leap Micro 5.3
pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.3
Vulnerabilities (683)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-0597 | — | < 5.14.21-150400.24.55.3 | 5.14.21-150400.24.55.3 | Feb 23, 2023 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l | ||
| CVE-2023-25012 | — | < 5.14.21-150400.24.55.3 | 5.14.21-150400.24.55.3 | Feb 1, 2023 | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | ||
| CVE-2023-0266 | — | KEV | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 30, 2023 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin | |
| CVE-2023-0394 | — | < 5.14.21-150400.24.60.1 | 5.14.21-150400.24.60.1 | Jan 24, 2023 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | ||
| CVE-2023-0122 | — | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 17, 2023 | A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4. | ||
| CVE-2022-47929 | — | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 17, 2023 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff | ||
| CVE-2023-23559 | — | < 5.14.21-150400.24.55.3 | 5.14.21-150400.24.55.3 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | ||
| CVE-2023-23455 | — | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 12, 2023 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2023-23454 | — | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 12, 2023 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2022-4382 | — | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | Jan 10, 2023 | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | ||
| CVE-2022-4379 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Jan 10, 2023 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial | ||
| CVE-2022-2196 | — | < 5.14.21-150400.24.63.1 | 5.14.21-150400.24.63.1 | Jan 9, 2023 | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a | ||
| CVE-2022-4662 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | ||
| CVE-2022-47520 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 18, 2022 | An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink | ||
| CVE-2022-3115 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3114 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3113 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3112 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3111 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | ||
| CVE-2022-3108 | — | < 5.14.21-150400.24.41.1 | 5.14.21-150400.24.41.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). |
- CVE-2023-0597Feb 23, 2023affected < 5.14.21-150400.24.55.3fixed 5.14.21-150400.24.55.3
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
- CVE-2023-25012Feb 1, 2023affected < 5.14.21-150400.24.55.3fixed 5.14.21-150400.24.55.3
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
- affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin
- CVE-2023-0394Jan 24, 2023affected < 5.14.21-150400.24.60.1fixed 5.14.21-150400.24.60.1
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
- CVE-2023-0122Jan 17, 2023affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.
- CVE-2022-47929Jan 17, 2023affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
- CVE-2023-23559Jan 13, 2023affected < 5.14.21-150400.24.55.3fixed 5.14.21-150400.24.55.3
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- CVE-2023-23455Jan 12, 2023affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2023-23454Jan 12, 2023affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2022-4382Jan 10, 2023affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.
- CVE-2022-4379Jan 10, 2023affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
- CVE-2022-2196Jan 9, 2023affected < 5.14.21-150400.24.63.1fixed 5.14.21-150400.24.63.1
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a
- CVE-2022-4662Dec 22, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- CVE-2022-47520Dec 18, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink
- CVE-2022-3115Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3114Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
- CVE-2022-3113Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
- CVE-2022-3112Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3111Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
- CVE-2022-3108Dec 14, 2022affected < 5.14.21-150400.24.41.1fixed 5.14.21-150400.24.41.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
Page 33 of 35