rpm package
suse/kernel-default&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/kernel-default&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (347)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34981 | — | < 4.4.180-94.150.1 | 4.4.180-94.150.1 | May 7, 2024 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s | ||
| CVE-2022-1729 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Sep 1, 2022 | A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | ||
| CVE-2022-1975 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Aug 31, 2022 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | ||
| CVE-2022-1974 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Aug 31, 2022 | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. | ||
| CVE-2022-1016 | — | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Aug 29, 2022 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | ||
| CVE-2022-0850 | — | < 4.4.180-94.161.1 | 4.4.180-94.161.1 | Aug 29, 2022 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | ||
| CVE-2022-1184 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Aug 29, 2022 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | ||
| CVE-2021-4155 | — | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Aug 24, 2022 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | ||
| CVE-2021-3659 | — | < 4.4.180-94.150.1 | 4.4.180-94.150.1 | Aug 22, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | ||
| CVE-2022-21180 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 15, 2022 | Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | ||
| CVE-2022-21166 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 15, 2022 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21127 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 15, 2022 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21125 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 15, 2022 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21123 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 15, 2022 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21499 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Jun 9, 2022 | KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor | ||
| CVE-2022-1652 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | May 31, 2022 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a | ||
| CVE-2022-1419 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | May 31, 2022 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | ||
| CVE-2022-1734 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | May 18, 2022 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | ||
| CVE-2022-30594 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | May 12, 2022 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||
| CVE-2022-1516 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | May 5, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s |
- CVE-2021-34981May 7, 2024affected < 4.4.180-94.150.1fixed 4.4.180-94.150.1
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
- CVE-2022-1729Sep 1, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
- CVE-2022-1975Aug 31, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
- CVE-2022-1974Aug 31, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
- CVE-2022-1016Aug 29, 2022affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
- CVE-2022-0850Aug 29, 2022affected < 4.4.180-94.161.1fixed 4.4.180-94.161.1
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
- CVE-2022-1184Aug 29, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
- CVE-2021-4155Aug 24, 2022affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
- CVE-2021-3659Aug 22, 2022affected < 4.4.180-94.150.1fixed 4.4.180-94.150.1
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
- CVE-2022-21180Jun 15, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
- CVE-2022-21166Jun 15, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21127Jun 15, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21125Jun 15, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21123Jun 15, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21499Jun 9, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
- CVE-2022-1652May 31, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
- CVE-2022-1419May 31, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
- CVE-2022-1734May 18, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- CVE-2022-30594May 12, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- CVE-2022-1516May 5, 2022affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
Page 1 of 18