rpm package
suse/kernel-livepatch-SLE15-SP1_Update_35&distro=SUSE Linux Enterprise Live Patching 15 SP1
pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_35&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-41218 | — | < 1-150100.3.3.1 | 1-150100.3.3.1 | Sep 21, 2022 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | ||
| CVE-2022-3239 | — | < 1-150100.3.3.1 | 1-150100.3.3.1 | Sep 19, 2022 | A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2022-2503 | — | < 1-150100.3.3.1 | 1-150100.3.3.1 | Aug 12, 2022 | Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equiva | ||
| CVE-2022-32296 | — | < 1-150100.3.3.1 | 1-150100.3.3.1 | Jun 5, 2022 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | ||
| CVE-2022-20008 | — | < 1-150100.3.3.1 | 1-150100.3.3.1 | May 10, 2022 | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no |
- CVE-2022-41218Sep 21, 2022affected < 1-150100.3.3.1fixed 1-150100.3.3.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
- CVE-2022-3239Sep 19, 2022affected < 1-150100.3.3.1fixed 1-150100.3.3.1
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2022-2503Aug 12, 2022affected < 1-150100.3.3.1fixed 1-150100.3.3.1
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equiva
- CVE-2022-32296Jun 5, 2022affected < 1-150100.3.3.1fixed 1-150100.3.3.1
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
- CVE-2022-20008May 10, 2022affected < 1-150100.3.3.1fixed 1-150100.3.3.1
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
Page 2 of 2