rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (1,350)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1016 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Aug 29, 2022 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | ||
| CVE-2022-1184 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Aug 29, 2022 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | ||
| CVE-2022-0168 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Aug 26, 2022 | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr | ||
| CVE-2022-2978 | — | < 5.3.18-150300.59.221.1 | 5.3.18-150300.59.221.1 | Aug 24, 2022 | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on | ||
| CVE-2022-2938 | — | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Aug 23, 2022 | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | ||
| CVE-2022-20368 | — | < 5.3.18-150300.59.174.1 | 5.3.18-150300.59.174.1 | Aug 11, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel | ||
| CVE-2022-29900 | — | < 5.3.18-150300.59.106.1 | 5.3.18-150300.59.106.1 | Jul 12, 2022 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||
| CVE-2022-29901 | — | < 5.3.18-150300.59.106.1 | 5.3.18-150300.59.106.1 | Jul 12, 2022 | Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe | ||
| CVE-2022-20154 | — | < 5.3.18-150300.59.153.2 | 5.3.18-150300.59.153.2 | Jun 15, 2022 | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: | ||
| CVE-2022-20132 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Jun 15, 2022 | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n | ||
| CVE-2022-1195 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Apr 29, 2022 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | ||
| CVE-2022-1048 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | ||
| CVE-2022-0435 | — | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Mar 25, 2022 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate | ||
| CVE-2022-0854 | — | < 5.3.18-150300.59.174.1 | 5.3.18-150300.59.174.1 | Mar 23, 2022 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | ||
| CVE-2021-39698 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Mar 16, 2022 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke | ||
| CVE-2021-3743 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Mar 4, 2022 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat | ||
| CVE-2022-0487 | — | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 4, 2022 | A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. | ||
| CVE-2021-43527 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | ||
| CVE-2021-43389 | — | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Nov 4, 2021 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | ||
| CVE-2021-43056 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Oct 28, 2021 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. |
- CVE-2022-1016Aug 29, 2022affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
- CVE-2022-1184Aug 29, 2022affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
- CVE-2022-0168Aug 26, 2022affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr
- CVE-2022-2978Aug 24, 2022affected < 5.3.18-150300.59.221.1fixed 5.3.18-150300.59.221.1
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on
- CVE-2022-2938Aug 23, 2022affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
- CVE-2022-20368Aug 11, 2022affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
- CVE-2022-29900Jul 12, 2022affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
- CVE-2022-29901Jul 12, 2022affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe
- CVE-2022-20154Jun 15, 2022affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
- CVE-2022-20132Jun 15, 2022affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n
- CVE-2022-1195Apr 29, 2022affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
- CVE-2022-1048Apr 29, 2022affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- CVE-2022-0435Mar 25, 2022affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
- CVE-2022-0854Mar 23, 2022affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
- CVE-2021-39698Mar 16, 2022affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
- CVE-2021-3743Mar 4, 2022affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
- CVE-2022-0487Feb 4, 2022affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
- CVE-2021-43527Dec 8, 2021affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.
- CVE-2021-43389Nov 4, 2021affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
- CVE-2021-43056Oct 28, 2021affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
Page 67 of 68