rpm package

suse/kernel-docs&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (1,486)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-3358	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 28, 2023	A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVE-2023-35827	—	< 4.12.14-122.201.1	4.12.14-122.201.1	Jun 18, 2023	An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
CVE-2023-35824	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 18, 2023	An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-3268	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 16, 2023	An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVE-2023-3161	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 12, 2023	A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-3159	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 12, 2023	A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
CVE-2023-3141	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 9, 2023	A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2023-3111	—	< 4.12.14-122.165.1	4.12.14-122.165.1	Jun 5, 2023	A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
CVE-2023-2985	—	< 4.12.14-122.173.1	4.12.14-122.173.1	Jun 1, 2023	A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
CVE-2023-2002	—	< 4.12.14-122.165.1	4.12.14-122.165.1	May 26, 2023	A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
CVE-2023-0459	—	< 4.12.14-122.173.1	4.12.14-122.173.1	May 25, 2023	Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi
CVE-2023-1859	—	< 4.12.14-122.179.1	4.12.14-122.179.1	May 17, 2023	A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.
CVE-2023-2124	—	< 4.12.14-122.159.1	4.12.14-122.159.1	May 15, 2023	An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-2513	—	< 4.12.14-122.162.1	4.12.14-122.162.1	May 8, 2023	A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-32269	—	< 4.12.14-122.162.1	4.12.14-122.162.1	May 5, 2023	An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con
CVE-2023-31436	—	< 4.12.14-122.162.1	4.12.14-122.162.1	Apr 28, 2023	qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-0045	—	< 4.12.14-122.150.1	4.12.14-122.150.1	Apr 25, 2023	The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only
CVE-2023-2269	—	< 4.12.14-122.162.1	4.12.14-122.162.1	Apr 25, 2023	A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
CVE-2023-31085	—	< 4.12.14-122.183.1	4.12.14-122.183.1	Apr 24, 2023	An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
CVE-2023-31084	—	< 4.12.14-122.162.1	4.12.14-122.162.1	Apr 24, 2023	An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_

CVE-2023-3358Jun 28, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVE-2023-35827Jun 18, 2023
affected < 4.12.14-122.201.1fixed 4.12.14-122.201.1
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
CVE-2023-35824Jun 18, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-3268Jun 16, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVE-2023-3161Jun 12, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-3159Jun 12, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
CVE-2023-3141Jun 9, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2023-3111Jun 5, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
CVE-2023-2985Jun 1, 2023
affected < 4.12.14-122.173.1fixed 4.12.14-122.173.1
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
CVE-2023-2002May 26, 2023
affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
CVE-2023-0459May 25, 2023
affected < 4.12.14-122.173.1fixed 4.12.14-122.173.1
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi
CVE-2023-1859May 17, 2023
affected < 4.12.14-122.179.1fixed 4.12.14-122.179.1
A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.
CVE-2023-2124May 15, 2023
affected < 4.12.14-122.159.1fixed 4.12.14-122.159.1
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-2513May 8, 2023
affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-32269May 5, 2023
affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con
CVE-2023-31436Apr 28, 2023
affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-0045Apr 25, 2023
affected < 4.12.14-122.150.1fixed 4.12.14-122.150.1
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only
CVE-2023-2269Apr 25, 2023
affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.
CVE-2023-31085Apr 24, 2023
affected < 4.12.14-122.183.1fixed 4.12.14-122.183.1
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
CVE-2023-31084Apr 24, 2023
affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_

Page 48 of 75