rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP3
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3
Vulnerabilities (1,750)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-1077 | Hig | 7.0 | < 5.3.18-150300.59.127.1 | 5.3.18-150300.59.127.1 | Mar 27, 2023 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a | |
| CVE-2023-1076 | Med | 5.5 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 27, 2023 | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o | |
| CVE-2023-1075 | Low | 3.3 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 27, 2023 | A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready. | |
| CVE-2021-3923 | Low | 2.3 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 27, 2023 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info | |
| CVE-2020-36691 | Med | 5.5 | < 5.3.18-150300.59.121.2 | 5.3.18-150300.59.121.2 | Mar 24, 2023 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |
| CVE-2023-1513 | Low | 3.3 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | |
| CVE-2023-1249 | Med | 5.5 | < 5.3.18-150300.59.127.1 | 5.3.18-150300.59.127.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. | |
| CVE-2023-0590 | Med | 4.7 | < 5.3.18-150300.59.115.2 | 5.3.18-150300.59.115.2 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | |
| CVE-2023-28772 | Med | 6.7 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 23, 2023 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | |
| CVE-2022-4095 | Hig | 7.8 | < 5.3.18-150300.59.106.1 | 5.3.18-150300.59.106.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | |
| CVE-2023-1281 | Hig | 7.8 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 22, 2023 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l | |
| CVE-2023-1390 | Hig | 7.5 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 16, 2023 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in | |
| CVE-2023-28466 | Hig | 7.0 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 16, 2023 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |
| CVE-2022-3707 | Med | 5.5 | < 5.3.18-150300.59.106.1 | 5.3.18-150300.59.106.1 | Mar 6, 2023 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | |
| CVE-2022-3424 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | |
| CVE-2023-1118 | Hig | 7.8 | < 5.3.18-150300.59.115.2 | 5.3.18-150300.59.115.2 | Mar 2, 2023 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |
| CVE-2023-23006 | Med | 5.5 | < 5.3.18-150300.59.115.2 | 5.3.18-150300.59.115.2 | Mar 1, 2023 | In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | |
| CVE-2023-23004 | Med | 5.5 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Mar 1, 2023 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | |
| CVE-2023-23000 | Med | 5.5 | < 5.3.18-150300.59.115.2 | 5.3.18-150300.59.115.2 | Mar 1, 2023 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. | |
| CVE-2023-1095 | Med | 5.5 | < 5.3.18-150300.59.118.1 | 5.3.18-150300.59.118.1 | Feb 28, 2023 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref |
- affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info
- affected < 5.3.18-150300.59.121.2fixed 5.3.18-150300.59.121.2
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
- affected < 5.3.18-150300.59.115.2fixed 5.3.18-150300.59.115.2
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
- affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
- affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- affected < 5.3.18-150300.59.115.2fixed 5.3.18-150300.59.115.2
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- affected < 5.3.18-150300.59.115.2fixed 5.3.18-150300.59.115.2
In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
- affected < 5.3.18-150300.59.115.2fixed 5.3.18-150300.59.115.2
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.
- affected < 5.3.18-150300.59.118.1fixed 5.3.18-150300.59.118.1
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
Page 70 of 88