VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2022-40982Aug 11, 2023
    affected < 6.4.9-1.1fixed 6.4.9-1.1

    Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2023-20569Aug 8, 2023
    affected < 6.4.9-1.1fixed 6.4.9-1.1

    A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

  • CVE-2023-4194Aug 7, 2023
    affected < 6.4.11-1.1fixed 6.4.11-1.1

    A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following ups

  • CVE-2023-20593Jul 24, 2023
    affected < 6.4.6-1.1fixed 6.4.6-1.1

    An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

  • CVE-2023-3269Jul 11, 2023
    affected < 6.4.2-1.1fixed 6.4.2-1.1

    A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, esc

  • CVE-2023-3141Jun 9, 2023
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

  • CVE-2023-2124May 15, 2023
    affected < 6.3.6-1.1fixed 6.3.6-1.1

    An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2023-0045Apr 25, 2023
    affected < 6.1.12-1.1fixed 6.1.12-1.1

    The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only

  • CVE-2023-31084Apr 24, 2023
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_

  • CVE-2023-1380Mar 27, 2023
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t

  • CVE-2023-1078Mar 27, 2023
    affected < 6.2.8-1.1fixed 6.2.8-1.1

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf

  • CVE-2023-1076Mar 27, 2023
    affected < 6.2.4-1.1fixed 6.2.4-1.1

    A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o

  • CVE-2022-3424Mar 6, 2023
    affected < 6.0.1-1.1fixed 6.0.1-1.1

    A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate

  • CVE-2022-3628Jan 12, 2023
    affected < 6.0.7-1.1fixed 6.0.7-1.1

    A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

  • CVE-2022-4379Jan 10, 2023
    affected < 6.1.0-1.1fixed 6.1.0-1.1

    A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

  • CVE-2022-45934Nov 27, 2022
    affected < 6.0.12-1.1fixed 6.0.12-1.1

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-45919Nov 27, 2022
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.

  • CVE-2022-45888Nov 25, 2022
    affected < 6.0.12-1.1fixed 6.0.12-1.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.

  • CVE-2022-45887Nov 25, 2022
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

  • CVE-2022-45886Nov 25, 2022
    affected < 6.3.7-1.1fixed 6.3.7-1.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

Page 60 of 72