rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (316)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42719 | Hig | 8.8 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Oct 13, 2022 | A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. | |
| CVE-2022-42703 | Med | 5.5 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Oct 9, 2022 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | |
| CVE-2022-41850 | Med | 4.7 | < 5.3.18-150300.59.106.1 | 5.3.18-150300.59.106.1 | Sep 30, 2022 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | |
| CVE-2022-41849 | Med | 4.2 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 30, 2022 | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | |
| CVE-2022-41848 | Med | 4.2 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 30, 2022 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | |
| CVE-2022-3303 | Med | 4.7 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 27, 2022 | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, | |
| CVE-2022-41222 | Hig | 7.0 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 21, 2022 | mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move. | |
| CVE-2022-41218 | Med | 5.5 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 21, 2022 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | |
| CVE-2022-3239 | Hig | 7.8 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 19, 2022 | A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |
| CVE-2022-40768 | Med | 5.5 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 18, 2022 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |
| CVE-2022-3176 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Sep 16, 2022 | There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLL | |
| CVE-2022-2977 | Hig | 7.8 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 14, 2022 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate priv | |
| CVE-2022-3169 | Med | 5.5 | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Sep 9, 2022 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | |
| CVE-2022-2964 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Sep 9, 2022 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | |
| CVE-2022-2905 | Med | 5.5 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 9, 2022 | An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. | |
| CVE-2022-39190 | Med | 5.5 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 2, 2022 | An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | |
| CVE-2022-39189 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Sep 2, 2022 | An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | |
| CVE-2022-39188 | Med | 4.7 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 2, 2022 | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | |
| CVE-2022-2663 | Med | 5.3 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 1, 2022 | An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | |
| CVE-2022-2639 | Hig | 7.8 | < 5.3.18-150300.59.90.1 | 5.3.18-150300.59.90.1 | Sep 1, 2022 | An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an |
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
- affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system,
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLL
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate priv
- affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
- affected < 5.3.18-150300.59.90.1fixed 5.3.18-150300.59.90.1
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an
Page 3 of 16