VYPR

rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Vulnerabilities (2,432)

  • CVE-2023-0590MedMar 23, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

  • CVE-2023-1118HigMar 2, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-23006MedMar 1, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-23004MedMar 1, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-23001MedMar 1, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-23000MedMar 1, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.

  • CVE-2023-1095MedFeb 28, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref

  • CVE-2023-22998MedFeb 28, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-0461HigFeb 28, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege

  • CVE-2023-26545MedFeb 25, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0597MedFeb 23, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l

  • CVE-2023-25012MedFeb 2, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

  • CVE-2023-0469MedJan 26, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.

  • CVE-2023-0394MedJan 26, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

  • CVE-2023-0122HigJan 17, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

  • CVE-2022-2196MedJan 9, 2023
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a

  • CVE-2022-4269MedDec 5, 2022
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in

  • CVE-2022-45934HigNov 27, 2022
    affected < 5.14.21-150500.33.72.1fixed 5.14.21-150500.33.72.1

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-45919HigNov 27, 2022
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.

  • CVE-2022-45887MedNov 25, 2022
    affected < 5.14.21-150500.33.3.1fixed 5.14.21-150500.33.3.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

Page 121 of 122