VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (4,709)

  • CVE-2023-1095MedFeb 28, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref

  • CVE-2023-22998MedFeb 28, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-0461HigFeb 28, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege

  • CVE-2023-26545MedFeb 25, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0597MedFeb 23, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l

  • CVE-2023-25012MedFeb 2, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

  • CVE-2023-0469MedJan 26, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.

  • CVE-2023-0394MedJan 26, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.

  • CVE-2023-0122HigJan 17, 2023
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Affected versions v6.0-rc1 to v6.0-rc3, fixed in v6.0-rc4.

  • CVE-2023-23559HigJan 13, 2023
    affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

    In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

  • CVE-2022-4382MedJan 10, 2023
    affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2

    A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side.

  • CVE-2022-4662MedDec 22, 2022
    affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1

    A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

  • CVE-2022-4269MedDec 5, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in

  • CVE-2022-45934HigNov 27, 2022
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-45919HigNov 27, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.

  • CVE-2022-45887MedNov 25, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.

  • CVE-2022-45886HigNov 25, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.

  • CVE-2022-45885HigNov 25, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

  • CVE-2022-45884HigNov 25, 2022
    affected < 5.14.21-150500.55.7.1fixed 5.14.21-150500.55.7.1

    An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.

  • CVE-2022-3903MedNov 14, 2022
    affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst