rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Real Time 15 SP2
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
Vulnerabilities (41)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23039 | — | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | ||
| CVE-2022-23038 | — | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | ||
| CVE-2022-23037 | — | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | ||
| CVE-2022-23036 | — | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | ||
| CVE-2022-0516 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Mar 8, 2022 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri | ||
| CVE-2022-0847 | — | KEV | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Mar 7, 2022 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to | |
| CVE-2022-26490 | — | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 6, 2022 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | ||
| CVE-2022-0492 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Mar 3, 2022 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte | ||
| CVE-2022-25375 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 20, 2022 | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. | ||
| CVE-2022-0617 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 16, 2022 | A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. | ||
| CVE-2022-25258 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 16, 2022 | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory cor | ||
| CVE-2021-44879 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 13, 2022 | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | ||
| CVE-2022-24958 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 11, 2022 | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. | ||
| CVE-2022-24959 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 11, 2022 | An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. | ||
| CVE-2022-0487 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 4, 2022 | A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. | ||
| CVE-2022-24448 | — | < 5.3.18-24.107.1 | 5.3.18-24.107.1 | Feb 4, 2022 | An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns | ||
| CVE-2021-22600 | — | KEV | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Jan 26, 2022 | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 | |
| CVE-2021-45095 | — | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Dec 16, 2021 | pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | ||
| CVE-2021-39657 | — | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Dec 15, 2021 | In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: | ||
| CVE-2021-39648 | — | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Dec 15, 2021 | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio |
- CVE-2022-23039Mar 10, 2022affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- CVE-2022-23038Mar 10, 2022affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- CVE-2022-23037Mar 10, 2022affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- CVE-2022-23036Mar 10, 2022affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- CVE-2022-0516Mar 8, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri
- affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to
- CVE-2022-26490Mar 6, 2022affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
- CVE-2022-0492Mar 3, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte
- CVE-2022-25375Feb 20, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
- CVE-2022-0617Feb 16, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
- CVE-2022-25258Feb 16, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory cor
- CVE-2021-44879Feb 13, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.
- CVE-2022-24958Feb 11, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
- CVE-2022-24959Feb 11, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.
- CVE-2022-0487Feb 4, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
- CVE-2022-24448Feb 4, 2022affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns
- affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
- CVE-2021-45095Dec 16, 2021affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
- CVE-2021-39657Dec 15, 2021affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:
- CVE-2021-39648Dec 15, 2021affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio
Page 2 of 3