rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (2,318)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-33951 | — | < 5.14.21-150500.55.91.1 | 5.14.21-150500.55.91.1 | Jul 24, 2023 | A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information | ||
| CVE-2023-3567 | — | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Jul 24, 2023 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | ||
| CVE-2023-33952 | — | < 5.14.21-150500.55.91.1 | 5.14.21-150500.55.91.1 | Jul 24, 2023 | A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local priv | ||
| CVE-2023-31248 | — | < 5.14.21-150500.55.124.1 | 5.14.21-150500.55.124.1 | Jul 5, 2023 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | ||
| CVE-2023-3111 | — | < 5.14.21-150500.55.113.1 | 5.14.21-150500.55.113.1 | Jun 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | ||
| CVE-2023-28410 | — | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | May 10, 2023 | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2023-28328 | — | < 5.14.21-150500.55.124.1 | 5.14.21-150500.55.124.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-2162 | — | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-1382 | — | < 5.14.21-150500.55.91.1 | 5.14.21-150500.55.91.1 | Apr 19, 2023 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | ||
| CVE-2023-1990 | — | < 5.14.21-150500.55.110.1 | 5.14.21-150500.55.110.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | ||
| CVE-2023-1652 | Hig | 7.1 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 29, 2023 | A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. | |
| CVE-2023-28866 | — | < 5.14.21-150500.55.110.1 | 5.14.21-150500.55.110.1 | Mar 27, 2023 | In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. | ||
| CVE-2023-1380 | — | < 5.14.21-150500.55.124.1 | 5.14.21-150500.55.124.1 | Mar 27, 2023 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t | ||
| CVE-2023-0179 | — | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2023 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | ||
| CVE-2022-4095 | — | < 5.14.21-150500.55.113.1 | 5.14.21-150500.55.113.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||
| CVE-2023-23559 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | ||
| CVE-2022-4662 | — | < 5.14.21-150500.55.113.1 | 5.14.21-150500.55.113.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | ||
| CVE-2022-3903 | — | < 5.14.21-150500.55.113.1 | 5.14.21-150500.55.113.1 | Nov 14, 2022 | An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst | ||
| CVE-2022-43945 | Hig | 7.5 | < 5.14.21-150500.55.124.1 | 5.14.21-150500.55.124.1 | Nov 4, 2022 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c | |
| CVE-2022-3640 | — | < 5.14.21-150500.55.110.1 | 5.14.21-150500.55.110.1 | Oct 21, 2022 | A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. |
- CVE-2023-33951Jul 24, 2023affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1
A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information
- CVE-2023-3567Jul 24, 2023affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-33952Jul 24, 2023affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1
A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local priv
- CVE-2023-31248Jul 5, 2023affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-3111Jun 5, 2023affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-28410May 10, 2023affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2023-28328Apr 19, 2023affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-2162Apr 19, 2023affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-1382Apr 19, 2023affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
- CVE-2023-1990Apr 12, 2023affected < 5.14.21-150500.55.110.1fixed 5.14.21-150500.55.110.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.
- CVE-2023-28866Mar 27, 2023affected < 5.14.21-150500.55.110.1fixed 5.14.21-150500.55.110.1
In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
- CVE-2023-1380Mar 27, 2023affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t
- CVE-2023-0179Mar 27, 2023affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
- CVE-2022-4095Mar 22, 2023affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- CVE-2023-23559Jan 13, 2023affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- CVE-2022-4662Dec 22, 2022affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- CVE-2022-3903Nov 14, 2022affected < 5.14.21-150500.55.113.1fixed 5.14.21-150500.55.113.1
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst
- affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
- CVE-2022-3640Oct 21, 2022affected < 5.14.21-150500.55.110.1fixed 5.14.21-150500.55.110.1
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue.
Page 115 of 116