rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Micro 5.0
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.0
Vulnerabilities (174)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34981 | — | | | < 5.3.18-24.96.1 | 5.3.18-24.96.1 | May 7, 2024 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s |
| CVE-2022-22942 | — | | | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Dec 13, 2023 | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. |
| CVE-2022-1016 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Aug 29, 2022 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. |
| CVE-2022-0850 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Aug 29, 2022 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. |
| CVE-2021-3669 | — | | | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Aug 26, 2022 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. |
| CVE-2021-3764 | — | | | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Aug 23, 2022 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. |
| CVE-2021-3759 | — | | | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Aug 23, 2022 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highe |
| CVE-2021-3659 | — | | | < 5.3.18-24.78.1 | 5.3.18-24.78.1 | Aug 22, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. |
| CVE-2021-4135 | — | | | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Jul 14, 2022 | A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. |
| CVE-2022-1048 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat |
| CVE-2022-28388 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-28389 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-28390 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
| CVE-2022-1055 | — | | | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 29, 2022 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 |
| CVE-2022-0322 | — | | | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Mar 25, 2022 | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s |
| CVE-2021-4202 | — | | | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Mar 25, 2022 | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat |
| CVE-2022-0435 | — | | | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Mar 25, 2022 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate |
| CVE-2022-0330 | — | | | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Mar 25, 2022 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. |
| CVE-2021-4149 | — | | | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Mar 23, 2022 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. |
| CVE-2021-4197 | — | | | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Mar 23, 2022 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cg |
Page 1 of 9