rpm package
suse/kernel-livepatch-SLE15-SP2_Update_27&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_27&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (52)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1679 | — | < 4-150200.2.1 | 4-150200.2.1 | May 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2022-30594 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 12, 2022 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||
| CVE-2022-1516 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 5, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s | ||
| CVE-2022-1353 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Apr 29, 2022 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | ||
| CVE-2022-28893 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Apr 11, 2022 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | ||
| CVE-2022-1011 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||
| CVE-2021-39698 | — | < 2-150200.2.2 | 2-150200.2.2 | Mar 16, 2022 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke | ||
| CVE-2020-36516 | — | < 5-150200.2.1 | 5-150200.2.1 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2021-20321 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Feb 18, 2022 | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. | ||
| CVE-2021-33061 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Feb 9, 2022 | Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2020-26541 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | ||
| CVE-2019-19377 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. |
- CVE-2022-1679May 16, 2022affected < 4-150200.2.1fixed 4-150200.2.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2022-30594May 12, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- CVE-2022-1516May 5, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
- CVE-2022-1353Apr 29, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
- CVE-2022-28893Apr 11, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- CVE-2022-1011Mar 18, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- CVE-2021-39698Mar 16, 2022affected < 2-150200.2.2fixed 2-150200.2.2
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
- CVE-2020-36516Feb 26, 2022affected < 5-150200.2.1fixed 5-150200.2.1
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2021-20321Feb 18, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
- CVE-2021-33061Feb 9, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-26541Oct 2, 2020affected < 1-150200.5.3.1fixed 1-150200.5.3.1
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
- CVE-2019-19377Nov 29, 2019affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
Page 3 of 3