rpm package

suse/kernel-livepatch-SLE15-SP1_Update_37&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_37&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (10)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-31436	—	< 5-150100.2.2	5-150100.2.2	Apr 28, 2023	qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-1390	—	< 5-150100.2.2	5-150100.2.2	Mar 16, 2023	A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-28466	—	< 5-150100.2.2	5-150100.2.2	Mar 15, 2023	do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2023-26545	—	< 2-150100.2.3	2-150100.2.3	Feb 25, 2023	In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2022-47929	—	< 1-150100.3.3.1	1-150100.3.3.1	Jan 17, 2023	In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
CVE-2023-23454	—	< 1-150100.3.3.1	1-150100.3.3.1	Jan 12, 2023	cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-4662	—	< 1-150100.3.3.1	1-150100.3.3.1	Dec 22, 2022	A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
CVE-2022-3108	—	< 1-150100.3.3.1	1-150100.3.3.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107	—	< 1-150100.3.3.1	1-150100.3.3.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3564	—	< 1-150100.3.3.1	1-150100.3.3.1	Oct 17, 2022	A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to

CVE-2023-31436Apr 28, 2023
affected < 5-150100.2.2fixed 5-150100.2.2
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-1390Mar 16, 2023
affected < 5-150100.2.2fixed 5-150100.2.2
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-28466Mar 15, 2023
affected < 5-150100.2.2fixed 5-150100.2.2
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
CVE-2023-26545Feb 25, 2023
affected < 2-150100.2.3fixed 2-150100.2.3
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2022-47929Jan 17, 2023
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
CVE-2023-23454Jan 12, 2023
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-4662Dec 22, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
CVE-2022-3108Dec 14, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107Dec 14, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3564Oct 17, 2022
affected < 1-150100.3.3.1fixed 1-150100.3.3.1
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to