opensuse/kernel-rt&distro=openSUSE Leap Micro 5.2

Vulnerabilities (127)

• CVE-2022-28693MedFeb 14, 2025
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

• CVE-2022-21505Dec 24, 2024
  affected < 5.3.18-150300.99.1fixed 5.3.18-150300.99.1

  In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this

• CVE-2022-2602Jan 8, 2024
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  io_uring UAF, Unix SCM garbage collection

• CVE-2022-2588Jan 8, 2024
  affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1

  It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

• CVE-2022-2586KEVJan 8, 2024
  affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1

  It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

• CVE-2022-4095Mar 22, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.

• CVE-2022-3707Mar 6, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

• CVE-2022-3424Mar 6, 2023
  affected < 5.3.18-150300.109.1fixed 5.3.18-150300.109.1

  A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate

• CVE-2022-4139Jan 27, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

• CVE-2022-41858Jan 17, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

• CVE-2022-3628Jan 12, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

• CVE-2022-4378Jan 5, 2023
  affected < 5.3.18-150300.112.1fixed 5.3.18-150300.112.1

  A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

• CVE-2022-4662Dec 22, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

• CVE-2022-3111Dec 14, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().

• CVE-2022-3108Dec 14, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().

• CVE-2022-3107Dec 14, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.

• CVE-2022-3106Dec 14, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().

• CVE-2022-3105Dec 14, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().

• CVE-2022-42329Dec 7, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free

• CVE-2022-42328Dec 7, 2022
  affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

  Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free