rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (1,481)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-47929 | Med | 5.5 | < 4.12.14-16.124.1 | 4.12.14-16.124.1 | Jan 17, 2023 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff | |
| CVE-2022-41858 | Hig | 7.1 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Jan 17, 2023 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | |
| CVE-2023-23559 | Hig | 7.8 | < 4.12.14-16.127.1 | 4.12.14-16.127.1 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | |
| CVE-2022-3628 | Med | 6.6 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Jan 12, 2023 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | |
| CVE-2023-23455 | Med | 5.5 | < 4.12.14-16.130.1 | 4.12.14-16.130.1 | Jan 12, 2023 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |
| CVE-2023-23454 | Med | 5.5 | < 4.12.14-16.124.1 | 4.12.14-16.124.1 | Jan 12, 2023 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |
| CVE-2022-4378 | Hig | 7.8 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Jan 5, 2023 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |
| CVE-2022-4662 | Med | 5.5 | < 4.12.14-16.124.1 | 4.12.14-16.124.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | |
| CVE-2022-20567 | Med | 6.4 | < 4.12.14-16.130.1 | 4.12.14-16.130.1 | Dec 16, 2022 | In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid | |
| CVE-2022-3108 | Med | 5.5 | < 4.12.14-16.124.1 | 4.12.14-16.124.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | |
| CVE-2022-3107 | Med | 5.5 | < 4.12.14-16.124.1 | 4.12.14-16.124.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | |
| CVE-2022-42329 | Med | 5.5 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free | |
| CVE-2022-42328 | Med | 5.5 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free | |
| CVE-2022-3643 | Med | 6.5 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Dec 7, 2022 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ | |
| CVE-2022-4129 | Med | 5.5 | < 4.12.14-16.127.1 | 4.12.14-16.127.1 | Nov 28, 2022 | A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | |
| CVE-2022-45934 | Hig | 7.8 | < 4.12.14-16.120.1 | 4.12.14-16.120.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | |
| CVE-2022-45919 | Hig | 7.0 | < 4.12.14-16.136.1 | 4.12.14-16.136.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. | |
| CVE-2022-45887 | Med | 4.7 | < 4.12.14-16.136.1 | 4.12.14-16.136.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. | |
| CVE-2022-45886 | Hig | 7.0 | < 4.12.14-16.136.1 | 4.12.14-16.136.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | |
| CVE-2022-45885 | Hig | 7.0 | < 4.12.14-16.136.1 | 4.12.14-16.136.1 | Nov 25, 2022 | An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. |
- affected < 4.12.14-16.124.1fixed 4.12.14-16.124.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
- affected < 4.12.14-16.127.1fixed 4.12.14-16.127.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
- affected < 4.12.14-16.130.1fixed 4.12.14-16.130.1
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- affected < 4.12.14-16.124.1fixed 4.12.14-16.124.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- affected < 4.12.14-16.124.1fixed 4.12.14-16.124.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- affected < 4.12.14-16.130.1fixed 4.12.14-16.130.1
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
- affected < 4.12.14-16.124.1fixed 4.12.14-16.124.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
- affected < 4.12.14-16.124.1fixed 4.12.14-16.124.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
- affected < 4.12.14-16.127.1fixed 4.12.14-16.127.1
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
- affected < 4.12.14-16.120.1fixed 4.12.14-16.120.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- affected < 4.12.14-16.136.1fixed 4.12.14-16.136.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
- affected < 4.12.14-16.136.1fixed 4.12.14-16.136.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
- affected < 4.12.14-16.136.1fixed 4.12.14-16.136.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
- affected < 4.12.14-16.136.1fixed 4.12.14-16.136.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
Page 51 of 75