VYPR

rpm package

suse/kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Vulnerabilities (181)

  • CVE-2022-28693MedFeb 14, 2025
    affected < 5.3.18-150300.59.106.1.150300.18.60.2fixed 5.3.18-150300.59.106.1.150300.18.60.2

    Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

  • CVE-2023-4134Nov 14, 2024
    affected < 5.3.18-150300.59.133.1.150300.18.78.1fixed 5.3.18-150300.59.133.1.150300.18.78.1

    A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of ser

  • CVE-2023-39197Jan 23, 2024
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.

  • CVE-2022-2602Jan 8, 2024
    affected < 5.3.18-150300.59.106.1.150300.18.60.2fixed 5.3.18-150300.59.106.1.150300.18.60.2

    io_uring UAF, Unix SCM garbage collection

  • CVE-2023-34324Jan 5, 2024
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. t

  • CVE-2023-6176Nov 16, 2023
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-39198Nov 9, 2023
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the ret

  • CVE-2023-1192Nov 1, 2023
    affected < 5.3.18-150300.59.138.1.150300.18.80.2fixed 5.3.18-150300.59.138.1.150300.18.80.2

    A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access

  • CVE-2023-5717Oct 25, 2023
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-45871Oct 15, 2023
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

  • CVE-2023-45863Oct 14, 2023
    affected < 5.3.18-150300.59.144.1.150300.18.84.1fixed 5.3.18-150300.59.144.1.150300.18.84.1

    An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

  • CVE-2023-45862Oct 14, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.

  • CVE-2023-39194Oct 9, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds re

  • CVE-2023-39193Oct 9, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

  • CVE-2023-39192Oct 9, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundarie

  • CVE-2023-39189Oct 9, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform

  • CVE-2023-42754Oct 5, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with C

  • CVE-2023-42753Sep 25, 2023
    affected < 5.3.18-150300.59.138.1.150300.18.80.2fixed 5.3.18-150300.59.138.1.150300.18.80.2

    An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss

  • CVE-2023-34319Sep 22, 2023
    affected < 5.3.18-150300.59.133.1.150300.18.78.1fixed 5.3.18-150300.59.133.1.150300.18.78.1

    The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split

  • CVE-2023-2163Sep 20, 2023
    affected < 5.3.18-150300.59.141.2.150300.18.82.2fixed 5.3.18-150300.59.141.2.150300.18.82.2

    Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

Page 1 of 10