rpm package
suse/kernel-default&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/kernel-default&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-33742 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jul 5, 2022 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202 | ||
| CVE-2022-33741 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jul 5, 2022 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202 | ||
| CVE-2022-33740 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jul 5, 2022 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202 | ||
| CVE-2022-26365 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jul 5, 2022 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202 | ||
| CVE-2022-33981 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jun 18, 2022 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | ||
| CVE-2022-21180 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 15, 2022 | Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | ||
| CVE-2022-21166 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 15, 2022 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21127 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 15, 2022 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21125 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 15, 2022 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21123 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 15, 2022 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-20166 | — | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | Jun 15, 2022 | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An | ||
| CVE-2022-20154 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jun 15, 2022 | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: | ||
| CVE-2022-20141 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jun 15, 2022 | In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product | ||
| CVE-2022-20132 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jun 15, 2022 | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n | ||
| CVE-2022-32296 | — | < 5.3.18-150200.24.134.1 | 5.3.18-150200.24.134.1 | Jun 5, 2022 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | ||
| CVE-2022-32250 | — | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | Jun 2, 2022 | net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | ||
| CVE-2022-1652 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | May 31, 2022 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a | ||
| CVE-2022-1462 | — | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | May 31, 2022 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u | ||
| CVE-2022-1734 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | May 18, 2022 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | ||
| CVE-2022-29581 | — | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | May 17, 2022 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. |
- CVE-2022-33742Jul 5, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
- CVE-2022-33741Jul 5, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
- CVE-2022-33740Jul 5, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
- CVE-2022-26365Jul 5, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
- CVE-2022-33981Jun 18, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
- CVE-2022-21180Jun 15, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
- CVE-2022-21166Jun 15, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21127Jun 15, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21125Jun 15, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21123Jun 15, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-20166Jun 15, 2022affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An
- CVE-2022-20154Jun 15, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
- CVE-2022-20141Jun 15, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product
- CVE-2022-20132Jun 15, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n
- CVE-2022-32296Jun 5, 2022affected < 5.3.18-150200.24.134.1fixed 5.3.18-150200.24.134.1
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
- CVE-2022-32250Jun 2, 2022affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.
- CVE-2022-1652May 31, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
- CVE-2022-1462May 31, 2022affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
- CVE-2022-1734May 18, 2022affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- CVE-2022-29581May 17, 2022affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
Page 10 of 14