VYPR

rpm package

suse/kernel-ec2&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (263)

  • CVE-2022-36879MedJul 27, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

  • CVE-2020-36558MedJul 21, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

  • CVE-2020-36557MedJul 21, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

  • CVE-2021-33656MedJul 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.

  • CVE-2021-33655MedJul 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

  • CVE-2022-29901MedJul 12, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe

  • CVE-2022-29900MedJul 12, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

  • CVE-2022-2318MedJul 6, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

  • CVE-2022-33981LowJun 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

  • CVE-2022-21180MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

  • CVE-2022-21166MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21127MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21125MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21123MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-20166MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

  • CVE-2022-20132MedJun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n

  • CVE-2022-21499MedJun 9, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor

  • CVE-2022-1652HigJun 2, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a

  • CVE-2022-1462MedJun 2, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u

  • CVE-2022-1679HigMay 16, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.