VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_32&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_32&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (66)

  • CVE-2023-28466Mar 15, 2023
    affected < 6-150200.2.2fixed 6-150200.2.2

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2022-3707Mar 6, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.

  • CVE-2022-3424Mar 6, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate

  • CVE-2023-1118Mar 2, 2023
    affected < 4-150200.2.2fixed 4-150200.2.2

    A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-0461Feb 28, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege

  • CVE-2023-26545Feb 25, 2023
    affected < 3-150200.2.3fixed 3-150200.2.3

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0266KEVJan 30, 2023
    affected < 3-150200.2.3fixed 3-150200.2.3

    A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin

  • CVE-2022-4139Jan 27, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.

  • CVE-2022-41858Jan 17, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.

  • CVE-2023-23455Jan 12, 2023
    affected < 6-150200.2.2fixed 6-150200.2.2

    atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2023-23454Jan 12, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2022-3628Jan 12, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.

  • CVE-2022-4378Jan 5, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-4129Nov 28, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

  • CVE-2022-45934Nov 27, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

  • CVE-2022-42896Nov 23, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leakin

  • CVE-2022-42895Nov 23, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit  https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba31

  • CVE-2022-3903Nov 14, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst

  • CVE-2022-43945HigNov 4, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c

  • CVE-2022-43750Oct 26, 2022
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.