VYPR

rpm package

opensuse/kernel-rt&distro=openSUSE Leap Micro 5.3

pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.3

Vulnerabilities (676)

  • CVE-2022-3104 · Dec 14, 2022
    affected < 5.14.21-150400.15.8.1 · fixed 5.14.21-150400.15.8.1

    An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks a check of the return value of kmalloc() and will cause a null pointer dereference.

  • CVE-2022-4269 · Dec 5, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in

  • CVE-2022-45919 · Nov 27, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.

  • CVE-2022-45887 · Nov 25, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

  • CVE-2022-45886 · Nov 25, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

  • CVE-2022-45885 · Nov 25, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

  • CVE-2022-45884 · Nov 25, 2022
    affected < 5.14.21-150400.15.37.2 · fixed 5.14.21-150400.15.37.2

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

  • CVE-2022-3344 · Oct 24, 2022
    affected < 5.14.21-150400.15.8.1 · fixed 5.14.21-150400.15.8.1

    A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).

  • CVE-2022-3564 · Oct 17, 2022
    affected < 5.14.21-150400.15.8.1 · fixed 5.14.21-150400.15.8.1

    A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to

  • CVE-2022-3523 · Oct 16, 2022
    affected < 5.14.21-150400.15.18.1 · fixed 5.14.21-150400.15.18.1

    A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to

  • CVE-2022-38096 · Med · Sep 9, 2022
    affected < 5.14.21-150400.15.18.1 · fixed 5.14.21-150400.15.18.1

    A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau

  • CVE-2022-36280 · Sep 9, 2022
    affected < 5.14.21-150400.15.11.1 · fixed 5.14.21-150400.15.11.1

    An out-of-bounds (OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi

  • CVE-2021-43527 · Dec 8, 2021
    affected < 5.14.21-150400.15.82.1 · fixed 5.14.21-150400.15.82.1

    NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted.

  • CVE-2020-26555 · May 24, 2021
    affected < 5.14.21-150400.15.65.1 · fixed 5.14.21-150400.15.65.1

    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

  • CVE-2020-24588 · Low · May 11, 2021
    affected < 5.14.21-150400.15.11.1 · fixed 5.14.21-150400.15.11.1

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda

  • CVE-2017-5753 · Jan 4, 2018
    affected < 5.14.21-150400.15.23.1 · fixed 5.14.21-150400.15.23.1

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
