rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (4,709)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1048 | Hig | 7.0 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | |
| CVE-2022-0995 | Hig | 7.8 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 25, 2022 | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | |
| CVE-2022-0500 | Hig | 7.8 | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Mar 25, 2022 | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. | |
| CVE-2022-0854 | Med | 5.5 | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Mar 23, 2022 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | |
| CVE-2021-4148 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Mar 23, 2022 | A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem. | |
| CVE-2022-23222 | Hig | 7.8 | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jan 14, 2022 | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | |
| CVE-2021-43527 | Cri | 9.8 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | |
| CVE-2020-26555 | Med | 5.4 | < 5.14.21-150500.55.44.1 | 5.14.21-150500.55.44.1 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | |
| CVE-2017-5753 | Med | 5.6 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.
- affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.
- affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.
- affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.
- affected < 5.14.21-150500.55.44.1fixed 5.14.21-150500.55.44.1
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Page 236 of 236