VYPR

rpm package

suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS

pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Vulnerabilities (387)

  • CVE-2022-20154MedJun 15, 2022
    affected < 4.12.14-150000.150.95.1fixed 4.12.14-150000.150.95.1

    In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:

  • CVE-2022-20141HigJun 15, 2022
    affected < 4.12.14-150000.150.95.1fixed 4.12.14-150000.150.95.1

    In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product

  • CVE-2022-20132MedJun 15, 2022
    affected < 4.12.14-150000.150.95.1fixed 4.12.14-150000.150.95.1

    In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n

  • CVE-2022-21499MedJun 9, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor

  • CVE-2022-1652HigJun 2, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a

  • CVE-2022-1462MedJun 2, 2022
    affected < 4.12.14-150000.150.98.2fixed 4.12.14-150000.150.98.2

    An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u

  • CVE-2022-1419HigJun 2, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

  • CVE-2022-1734HigMay 18, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

  • CVE-2022-1679HigMay 16, 2022
    affected < 4.12.14-150000.150.95.1fixed 4.12.14-150000.150.95.1

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-30594HigMay 12, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

  • CVE-2022-1516MedMay 5, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s

  • CVE-2022-1353HigApr 29, 2022
    affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2

    A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

  • CVE-2022-1048HigApr 29, 2022
    affected < 4.12.14-150000.150.89.1fixed 4.12.14-150000.150.89.1

    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat

  • CVE-2022-28390HigApr 3, 2022
    affected < 4.12.14-150000.150.89.1fixed 4.12.14-150000.150.89.1

    ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28389MedApr 3, 2022
    affected < 4.12.14-150000.150.89.1fixed 4.12.14-150000.150.89.1

    mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28388MedApr 3, 2022
    affected < 4.12.14-150000.150.89.1fixed 4.12.14-150000.150.89.1

    usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28356MedApr 2, 2022
    affected < 4.12.14-150000.150.89.1fixed 4.12.14-150000.150.89.1

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

  • CVE-2022-0435HigMar 25, 2022
    affected < 4.12.14-150.83.1fixed 4.12.14-150.83.1

    A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate

  • CVE-2022-0330HigMar 25, 2022
    affected < 4.12.14-150.83.1fixed 4.12.14-150.83.1

    A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

  • CVE-2022-0322MedMar 25, 2022
    affected < 4.12.14-150.83.1fixed 4.12.14-150.83.1

    A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s

Page 5 of 20