rpm package
opensuse/kernel-rt_debug&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5
Vulnerabilities (2,442)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-23454 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Jan 12, 2023 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2022-2196 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Jan 9, 2023 | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a | ||
| CVE-2022-4269 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Dec 5, 2022 | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in | ||
| CVE-2022-45934 | — | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | ||
| CVE-2022-45919 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | ||
| CVE-2022-45887 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | ||
| CVE-2022-45886 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | ||
| CVE-2022-45885 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | ||
| CVE-2022-45884 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. | ||
| CVE-2022-3523 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Oct 16, 2022 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to | ||
| CVE-2022-3435 | — | < 5.14.21-150500.13.76.1 | 5.14.21-150500.13.76.1 | Oct 8, 2022 | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is | ||
| CVE-2022-38096 | Med | 6.3 | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Sep 9, 2022 | A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau | |
| CVE-2022-40133 | — | < 5.14.21-150500.13.18.1 | 5.14.21-150500.13.18.1 | Sep 9, 2022 | A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain | ||
| CVE-2022-38457 | — | < 5.14.21-150500.13.18.1 | 5.14.21-150500.13.18.1 | Sep 9, 2022 | A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi | ||
| CVE-2022-36280 | — | < 5.14.21-150500.13.5.1 | 5.14.21-150500.13.5.1 | Sep 9, 2022 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi | ||
| CVE-2021-4148 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | Mar 23, 2022 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | ||
| CVE-2021-39698 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | Mar 16, 2022 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke | ||
| CVE-2021-43527 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | ||
| CVE-2021-43056 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | Oct 28, 2021 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | ||
| CVE-2021-42327 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | Oct 21, 2021 | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within pa |
- CVE-2023-23454Jan 12, 2023affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2022-2196Jan 9, 2023affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a
- CVE-2022-4269Dec 5, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
- CVE-2022-45934Nov 27, 2022affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- CVE-2022-45919Nov 27, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
- CVE-2022-45887Nov 25, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
- CVE-2022-45886Nov 25, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
- CVE-2022-45885Nov 25, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
- CVE-2022-45884Nov 25, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
- CVE-2022-3523Oct 16, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to
- CVE-2022-3435Oct 8, 2022affected < 5.14.21-150500.13.76.1fixed 5.14.21-150500.13.76.1
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is
- affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau
- CVE-2022-40133Sep 9, 2022affected < 5.14.21-150500.13.18.1fixed 5.14.21-150500.13.18.1
A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain
- CVE-2022-38457Sep 9, 2022affected < 5.14.21-150500.13.18.1fixed 5.14.21-150500.13.18.1
A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
- CVE-2022-36280Sep 9, 2022affected < 5.14.21-150500.13.5.1fixed 5.14.21-150500.13.5.1
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
- CVE-2021-4148Mar 23, 2022affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
- CVE-2021-39698Mar 16, 2022affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
- CVE-2021-43527Dec 8, 2021affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.
- CVE-2021-43056Oct 28, 2021affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
- CVE-2021-42327Oct 21, 2021affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within pa
Page 122 of 123