rpm package
suse/kernel-livepatch-SLE15-SP2_Update_21&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (54)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3772 | — | < 1-5.3.5 | 1-5.3.5 | Mar 2, 2022 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | ||
| CVE-2020-36516 | — | < 15-150200.2.2 | 15-150200.2.2 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2021-20322 | — | < 2-2.1 | 2-2.1 | Feb 18, 2022 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat | ||
| CVE-2021-3760 | — | < 1-5.3.5 | 1-5.3.5 | Feb 16, 2022 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | ||
| CVE-2022-0185 | — | KEV | < 3-2.2 | 3-2.2 | Feb 11, 2022 | A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced | |
| CVE-2021-22600 | — | KEV | < 5-2.1 | 5-2.1 | Jan 26, 2022 | A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 | |
| CVE-2021-4083 | — | < 4-2.2 | 4-2.2 | Jan 18, 2022 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalat | ||
| CVE-2021-0920 | — | KEV | < 5-2.1 | 5-2.1 | Dec 15, 2021 | In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro | |
| CVE-2021-43056 | — | < 1-5.3.5 | 1-5.3.5 | Oct 28, 2021 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | ||
| CVE-2021-42739 | — | < 1-5.3.5 | 1-5.3.5 | Oct 20, 2021 | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | ||
| CVE-2021-42252 | — | < 1-5.3.5 | 1-5.3.5 | Oct 11, 2021 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1 | ||
| CVE-2021-42008 | — | < 1-5.3.5 | 1-5.3.5 | Oct 4, 2021 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | ||
| CVE-2021-41864 | — | < 1-5.3.5 | 1-5.3.5 | Oct 1, 2021 | prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. | ||
| CVE-2021-3655 | — | < 1-5.3.5 | 1-5.3.5 | Aug 5, 2021 | A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. |
- CVE-2021-3772Mar 2, 2022affected < 1-5.3.5fixed 1-5.3.5
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
- CVE-2020-36516Feb 26, 2022affected < 15-150200.2.2fixed 15-150200.2.2
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2021-20322Feb 18, 2022affected < 2-2.1fixed 2-2.1
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat
- CVE-2021-3760Feb 16, 2022affected < 1-5.3.5fixed 1-5.3.5
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
- affected < 3-2.2fixed 3-2.2
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced
- affected < 5-2.1fixed 5-2.1
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
- CVE-2021-4083Jan 18, 2022affected < 4-2.2fixed 4-2.2
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalat
- affected < 5-2.1fixed 5-2.1
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro
- CVE-2021-43056Oct 28, 2021affected < 1-5.3.5fixed 1-5.3.5
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
- CVE-2021-42739Oct 20, 2021affected < 1-5.3.5fixed 1-5.3.5
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
- CVE-2021-42252Oct 11, 2021affected < 1-5.3.5fixed 1-5.3.5
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1
- CVE-2021-42008Oct 4, 2021affected < 1-5.3.5fixed 1-5.3.5
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
- CVE-2021-41864Oct 1, 2021affected < 1-5.3.5fixed 1-5.3.5
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write.
- CVE-2021-3655Aug 5, 2021affected < 1-5.3.5fixed 1-5.3.5
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Page 3 of 3