VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2022-1852Jun 30, 2022
    affected < 5.18.2-1.1fixed 5.18.2-1.1

    A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.

  • CVE-2022-1462May 31, 2022
    affected < 5.18.11-1.1fixed 5.18.11-1.1

    An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u

  • CVE-2022-1679May 16, 2022
    affected < 5.18.6-1.1fixed 5.18.6-1.1

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-1516May 5, 2022
    affected < 5.17.5-1.1fixed 5.17.5-1.1

    A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s

  • CVE-2022-29968May 2, 2022
    affected < 5.17.5-1.1fixed 5.17.5-1.1

    An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

  • CVE-2022-28893Apr 11, 2022
    affected < 5.17.4-1.1fixed 5.17.4-1.1

    The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

  • CVE-2022-28388Apr 3, 2022
    affected < 5.17.2-1.1fixed 5.17.2-1.1

    usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28389Apr 3, 2022
    affected < 5.17.2-1.1fixed 5.17.2-1.1

    mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28390Apr 3, 2022
    affected < 5.17.2-1.1fixed 5.17.2-1.1

    ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-0330Mar 25, 2022
    affected < 5.16.4-1.1fixed 5.16.4-1.1

    A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

  • CVE-2022-0847KEVMar 7, 2022
    affected < 5.16.14-1.1fixed 5.16.14-1.1

    A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to

  • CVE-2022-26490Mar 6, 2022
    affected < 5.16.14-1.1fixed 5.16.14-1.1

    st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

  • CVE-2021-3656Mar 4, 2022
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue c

  • CVE-2021-3744Mar 4, 2022
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

  • CVE-2021-3640Mar 3, 2022
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau

  • CVE-2021-3753Feb 16, 2022
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidenti

  • CVE-2022-0185KEVFeb 11, 2022
    affected < 5.16.2-1.1fixed 5.16.2-1.1

    A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced

  • CVE-2022-24958Feb 11, 2022
    affected < 5.16.10-1.1fixed 5.16.10-1.1

    drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

  • CVE-2021-43976Nov 17, 2021
    affected < 5.15.6-1.3fixed 5.15.6-1.3

    In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).

  • CVE-2017-5123Nov 2, 2021
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.

Page 62 of 72