rpm package

suse/kernel-livepatch-SLE15-SP1_Update_32&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_32&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (31)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-2588		—	< 4-150100.2.1	4-150100.2.1	Jan 8, 2024	It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2023-31436		—	< 11-150100.2.2	11-150100.2.2	Apr 28, 2023	qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-1390		—	< 11-150100.2.2	11-150100.2.2	Mar 16, 2023	A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-28466		—	< 11-150100.2.2	11-150100.2.2	Mar 15, 2023	do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2022-3424		—	< 6-150100.2.1	6-150100.2.1	Mar 6, 2023	A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2023-23455		—	< 11-150100.2.2	11-150100.2.2	Jan 12, 2023	atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-4378		—	< 5-150100.2.1	5-150100.2.1	Jan 5, 2023	A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-43945	Hig	7.5	< 5-150100.2.1	5-150100.2.1	Nov 4, 2022	The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-3586		—	< 5-150100.2.1	5-150100.2.1	Oct 19, 2022	A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
CVE-2022-3545		—	< 5-150100.2.1	5-150100.2.1	Oct 17, 2022	A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re
CVE-2022-42703		—	< 4-150100.2.1	4-150100.2.1	Oct 9, 2022	mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2022-41218		—	< 5-150100.2.1	5-150100.2.1	Sep 21, 2022	In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-39188		—	< 3-150100.2.2	3-150100.2.2	Sep 2, 2022	An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVE-2022-36946		—	< 2-150100.2.1	2-150100.2.1	Jul 27, 2022	nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVE-2021-33655		—	< 4-150100.2.1	4-150100.2.1	Jul 18, 2022	When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
CVE-2022-29900		—	< 1-150100.3.3.1	1-150100.3.3.1	Jul 12, 2022	Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29901		—	< 1-150100.3.3.1	1-150100.3.3.1	Jul 12, 2022	Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe
CVE-2022-2318		—	< 1-150100.3.3.1	1-150100.3.3.1	Jul 6, 2022	There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
CVE-2022-33742		—	< 1-150100.3.3.1	1-150100.3.3.1	Jul 5, 2022	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
CVE-2022-33741		—	< 1-150100.3.3.1	1-150100.3.3.1	Jul 5, 2022	Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

CVE-2022-2588Jan 8, 2024
affected < 4-150100.2.1fixed 4-150100.2.1
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2023-31436Apr 28, 2023
affected < 11-150100.2.2fixed 11-150100.2.2
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-1390Mar 16, 2023
affected < 11-150100.2.2fixed 11-150100.2.2
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-28466Mar 15, 2023
affected < 11-150100.2.2fixed 11-150100.2.2
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2022-3424Mar 6, 2023
affected < 6-150100.2.1fixed 6-150100.2.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2023-23455Jan 12, 2023
affected < 11-150100.2.2fixed 11-150100.2.2
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-4378Jan 5, 2023
affected < 5-150100.2.1fixed 5-150100.2.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-43945HigNov 4, 2022
affected < 5-150100.2.1fixed 5-150100.2.1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-3586Oct 19, 2022
affected < 5-150100.2.1fixed 5-150100.2.1
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
CVE-2022-3545Oct 17, 2022
affected < 5-150100.2.1fixed 5-150100.2.1
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re
CVE-2022-42703Oct 9, 2022
affected < 4-150100.2.1fixed 4-150100.2.1
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2022-41218Sep 21, 2022
affected < 5-150100.2.1fixed 5-150100.2.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-39188Sep 2, 2022
affected < 3-150100.2.2fixed 3-150100.2.2
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVE-2022-36946Jul 27, 2022
affected < 2-150100.2.1fixed 2-150100.2.1
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.
CVE-2021-33655Jul 18, 2022
affected < 4-150100.2.1fixed 4-150100.2.1
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.
CVE-2022-29900Jul 12, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
CVE-2022-29901Jul 12, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe
CVE-2022-2318Jul 6, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.
CVE-2022-33742Jul 5, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202
CVE-2022-33741Jul 5, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

Page 1 of 2