rpm package

opensuse/kernel-obs-build&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.3

Vulnerabilities (316)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-20008	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	May 10, 2022	In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	May 5, 2022	A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 29, 2022	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1195	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Apr 29, 2022	A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
CVE-2022-1048	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 13, 2022	A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-29156	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 13, 2022	drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2021-0707	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 12, 2022	In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kerne
CVE-2022-28893	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 11, 2022	The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-28388	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Apr 3, 2022	usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Apr 3, 2022	mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 2, 2022	In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-1055	—	< 5.3.18-150300.59.63.1	5.3.18-150300.59.63.1	Mar 29, 2022	A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0322	—	< 5.3.18-150300.59.43.1	5.3.18-150300.59.43.1	Mar 25, 2022	A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202	—	< 5.3.18-150300.59.43.1	5.3.18-150300.59.43.1	Mar 25, 2022	A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157	—	< 5.3.18-150300.59.87.1	5.3.18-150300.59.87.1	Mar 25, 2022	An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
CVE-2022-0435	—	< 5.3.18-150300.59.49.1	5.3.18-150300.59.49.1	Mar 25, 2022	A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330	—	< 5.3.18-150300.59.49.1	5.3.18-150300.59.49.1	Mar 25, 2022	A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2021-4203	—	< 5.3.18-150300.59.93.1	5.3.18-150300.59.93.1	Mar 25, 2022	A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

CVE-2022-20008May 10, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516May 5, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353Apr 29, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1195Apr 29, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
CVE-2022-1048Apr 29, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280Apr 13, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-29156Apr 13, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
CVE-2021-0707Apr 12, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kerne
CVE-2022-28893Apr 11, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-28388Apr 3, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389Apr 3, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390Apr 3, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356Apr 2, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-1055Mar 29, 2022
affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0322Mar 25, 2022
affected < 5.3.18-150300.59.43.1fixed 5.3.18-150300.59.43.1
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202Mar 25, 2022
affected < 5.3.18-150300.59.43.1fixed 5.3.18-150300.59.43.1
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157Mar 25, 2022
affected < 5.3.18-150300.59.87.1fixed 5.3.18-150300.59.87.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
CVE-2022-0435Mar 25, 2022
affected < 5.3.18-150300.59.49.1fixed 5.3.18-150300.59.49.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330Mar 25, 2022
affected < 5.3.18-150300.59.49.1fixed 5.3.18-150300.59.49.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2021-4203Mar 25, 2022
affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

Page 7 of 16