rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (513)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1353 | Hig | 7.1 | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Apr 29, 2022 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |
| CVE-2022-1048 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | |
| CVE-2022-28390 | Hig | 7.8 | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Apr 3, 2022 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-28388 | Med | 5.5 | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Apr 3, 2022 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-0330 | Hig | 7.8 | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Mar 25, 2022 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |
| CVE-2021-4202 | Hig | 7.0 | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Mar 25, 2022 | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat | |
| CVE-2021-4197 | Hig | 7.8 | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Mar 23, 2022 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cg | |
| CVE-2021-4149 | Med | 5.5 | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Mar 23, 2022 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | |
| CVE-2022-1011 | Hig | 7.8 | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | |
| CVE-2021-45868 | Med | 5.5 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 18, 2022 | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | |
| CVE-2022-26966 | Med | 5.5 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 12, 2022 | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. | |
| CVE-2022-0002 | Med | 6.5 | < 4.4.180-94.156.1 | 4.4.180-94.156.1 | Mar 11, 2022 | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2022-0001 | Med | 6.5 | < 4.4.180-94.156.1 | 4.4.180-94.156.1 | Mar 11, 2022 | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2022-23042 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23041 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23040 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23039 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23038 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23037 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access | |
| CVE-2022-23036 | Hig | 7.0 | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Mar 10, 2022 | Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access |
- affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
- affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
- affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
- affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
- affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cg
- affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem.
- affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
- affected < 4.4.180-94.156.1fixed 4.4.180-94.156.1
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- affected < 4.4.180-94.156.1fixed 4.4.180-94.156.1
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
- affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
Page 2 of 26