VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (2,888)

  • CVE-2022-2964Sep 9, 2022
    affected < 5.14.21-150400.24.33.2fixed 5.14.21-150400.24.33.2

    A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.

  • CVE-2022-2905Sep 9, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.

  • CVE-2022-39190Sep 2, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.

  • CVE-2022-39189Sep 2, 2022
    affected < 5.14.21-150400.24.28.1fixed 5.14.21-150400.24.28.1

    An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.

  • CVE-2022-39188Sep 2, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

  • CVE-2022-3078Sep 1, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.

  • CVE-2022-2639Sep 1, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an

  • CVE-2022-2663Sep 1, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

  • CVE-2022-1729Sep 1, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

  • CVE-2022-1508Aug 31, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.

  • CVE-2022-1263Aug 31, 2022
    affected < 5.14.21-150400.24.28.1fixed 5.14.21-150400.24.28.1

    A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.

  • CVE-2022-1205Aug 31, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

  • CVE-2022-1974Aug 31, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.

  • CVE-2022-3028Aug 31, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory

  • CVE-2022-2153Aug 31, 2022
    affected < 5.14.21-150400.24.33.2fixed 5.14.21-150400.24.33.2

    A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl

  • CVE-2022-1198Aug 29, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.

  • CVE-2022-1016Aug 29, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

  • CVE-2022-1184Aug 29, 2022
    affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1

    A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

  • CVE-2022-0168Aug 26, 2022
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr

  • CVE-2022-2959Aug 25, 2022
    affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2

    A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a lo

Page 141 of 145