rpm package
opensuse/kernel-rt&distro=openSUSE Leap Micro 5.4
pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.4
Vulnerabilities (571)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-35827 | — | | | < 5.14.21-150400.15.76.1 | 5.14.21-150400.15.76.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. |
| CVE-2023-3268 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | Jun 16, 2023 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. |
| CVE-2023-2985 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | Jun 1, 2023 | A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. |
| CVE-2023-0459 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | May 25, 2023 | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi |
| CVE-2023-2156 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | May 9, 2023 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create |
| CVE-2023-31085 | — | | | < 5.14.21-150400.15.59.1 | 5.14.21-150400.15.59.1 | Apr 24, 2023 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. |
| CVE-2023-31083 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | Apr 24, 2023 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. |
| CVE-2023-2006 | — | | | < 5.14.21-150400.15.62.1 | 5.14.21-150400.15.62.1 | Apr 24, 2023 | A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary cod |
| CVE-2023-2166 | — | | | < 5.14.21-150400.15.46.1 | 5.14.21-150400.15.46.1 | Apr 19, 2023 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. |
| CVE-2021-43527 | — | | | < 5.14.21-150400.15.82.1 | 5.14.21-150400.15.82.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. |
| CVE-2020-26555 | — | | | < 5.14.21-150400.15.65.1 | 5.14.21-150400.15.65.1 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. |