VYPR

rpm package

suse/kernel-livepatch-SLE15-SP1_Update_30&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_30&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (45)

  • CVE-2022-21499MedJun 9, 2022
    affected < 5-150100.2.3fixed 5-150100.2.3

    KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor

  • CVE-2022-1652HigJun 2, 2022
    affected < 8-150100.2.2fixed 8-150100.2.2

    Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a

  • CVE-2022-1419HigJun 2, 2022
    affected < 6-150100.2.2fixed 6-150100.2.2

    The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

  • CVE-2022-1734HigMay 18, 2022
    affected < 4-150100.2.2fixed 4-150100.2.2

    A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

  • CVE-2022-29581HigMay 17, 2022
    affected < 8-150100.2.2fixed 8-150100.2.2

    Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

  • CVE-2022-1679HigMay 16, 2022
    affected < 6-150100.2.2fixed 6-150100.2.2

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-30594HigMay 12, 2022
    affected < 3-150100.2.2fixed 3-150100.2.2

    The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

  • CVE-2022-1048HigApr 29, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat

  • CVE-2022-28390HigApr 3, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28389MedApr 3, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28388MedApr 3, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

  • CVE-2022-28356MedApr 2, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

  • CVE-2022-1011HigMar 18, 2022
    affected < 2-150100.2.1fixed 2-150100.2.1

    A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

  • CVE-2021-45868MedMar 18, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

  • CVE-2021-39713HigMar 16, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel

  • CVE-2022-26966MedMar 12, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

  • CVE-2022-23042HigMar 10, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23041HigMar 10, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23040HigMar 10, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23039HigMar 10, 2022
    affected < 1-150100.3.3.1fixed 1-150100.3.3.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access