rpm package
opensuse/kernel-kvmsmall&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.5
Vulnerabilities (1,895)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-45919 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | ||
| CVE-2022-45887 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | ||
| CVE-2022-45886 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | ||
| CVE-2022-45885 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | ||
| CVE-2022-45884 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | ||
| CVE-2022-38096 | Med | 6.3 | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Sep 9, 2022 | A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau | |
| CVE-2022-40133 | — | < 5.14.21-150500.55.28.1 | 5.14.21-150500.55.28.1 | Sep 9, 2022 | A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain | ||
| CVE-2022-38457 | — | < 5.14.21-150500.55.28.1 | 5.14.21-150500.55.28.1 | Sep 9, 2022 | A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi | ||
| CVE-2022-36280 | — | < 5.14.21-150500.55.7.1 | 5.14.21-150500.55.7.1 | Sep 9, 2022 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi | ||
| CVE-2021-4204 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Aug 24, 2022 | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | ||
| CVE-2022-0500 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Mar 25, 2022 | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | ||
| CVE-2021-4148 | — | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Mar 23, 2022 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | ||
| CVE-2022-23222 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jan 14, 2022 | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | ||
| CVE-2021-43527 | — | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | ||
| CVE-2020-26555 | — | < 5.14.21-150500.55.44.1 | 5.14.21-150500.55.44.1 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. |
- CVE-2022-45919Nov 27, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
- CVE-2022-45887Nov 25, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
- CVE-2022-45886Nov 25, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
- CVE-2022-45885Nov 25, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
- CVE-2022-45884Nov 25, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
- affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau
- CVE-2022-40133Sep 9, 2022affected < 5.14.21-150500.55.28.1fixed 5.14.21-150500.55.28.1
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain
- CVE-2022-38457Sep 9, 2022affected < 5.14.21-150500.55.28.1fixed 5.14.21-150500.55.28.1
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
- CVE-2022-36280Sep 9, 2022affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
- CVE-2021-4204Aug 24, 2022affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.
- CVE-2022-0500Mar 25, 2022affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
- CVE-2021-4148Mar 23, 2022affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
- CVE-2022-23222Jan 14, 2022affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
- CVE-2021-43527Dec 8, 2021affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.
- CVE-2020-26555May 24, 2021affected < 5.14.21-150500.55.44.1fixed 5.14.21-150500.55.44.1
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
Page 95 of 95