rpm package

opensuse/kernel-preempt&distro=openSUSE Leap 15.4

pkg:rpm/opensuse/kernel-preempt&distro=openSUSE%20Leap%2015.4

Vulnerabilities (31)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-1729	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Sep 1, 2022	A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2022-1975	—	< 5.3.18-150300.59.76.1	5.3.18-150300.59.76.1	Aug 31, 2022	There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVE-2022-1974	—	< 5.3.18-150300.59.76.1	5.3.18-150300.59.76.1	Aug 31, 2022	A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVE-2022-0812	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Aug 29, 2022	An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
CVE-2022-1184	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Aug 29, 2022	A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-0168	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Aug 26, 2022	A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr
CVE-2022-1158	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Aug 5, 2022	A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace
CVE-2022-21180	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Jun 15, 2022	Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
CVE-2022-21166	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Jun 15, 2022	Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Jun 15, 2022	Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Jun 15, 2022	Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	Jun 15, 2022	Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-1652	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	May 31, 2022	Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	May 31, 2022	The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.
CVE-2022-30594	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	May 12, 2022	The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-20008	—	< 5.3.18-150300.59.71.2	5.3.18-150300.59.71.2	May 10, 2022	In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	May 5, 2022	A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 29, 2022	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1280	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 13, 2022	A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-29156	—	< 5.3.18-150300.59.68.1	5.3.18-150300.59.68.1	Apr 13, 2022	drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

CVE-2022-1729Sep 1, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2022-1975Aug 31, 2022
affected < 5.3.18-150300.59.76.1fixed 5.3.18-150300.59.76.1
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVE-2022-1974Aug 31, 2022
affected < 5.3.18-150300.59.76.1fixed 5.3.18-150300.59.76.1
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVE-2022-0812Aug 29, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
CVE-2022-1184Aug 29, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-0168Aug 26, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr
CVE-2022-1158Aug 5, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace
CVE-2022-21180Jun 15, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
CVE-2022-21166Jun 15, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127Jun 15, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125Jun 15, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123Jun 15, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-1652May 31, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419May 31, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
CVE-2022-30594May 12, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-20008May 10, 2022
affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516May 5, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353Apr 29, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1280Apr 13, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-29156Apr 13, 2022
affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.

Page 1 of 2