VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_32&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_32&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (66)

  • CVE-2022-28693MedFeb 14, 2025
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

  • CVE-2022-2602Jan 8, 2024
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    io_uring UAF, Unix SCM garbage collection

  • CVE-2023-2163Sep 20, 2023
    affected < 11-150200.2.2fixed 11-150200.2.2

    Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

  • CVE-2023-4622Sep 6, 2023
    affected < 11-150200.2.2fixed 11-150200.2.2

    A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni

  • CVE-2023-4273Aug 9, 2023
    affected < 9-150200.2.2fixed 9-150200.2.2

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-3812Jul 24, 2023
    affected < 9-150200.2.2fixed 9-150200.2.2

    An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on t

  • CVE-2023-3776Jul 21, 2023
    affected < 9-150200.2.2fixed 9-150200.2.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3609Jul 21, 2023
    affected < 9-150200.2.2fixed 9-150200.2.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-31436Apr 28, 2023
    affected < 6-150200.2.2fixed 6-150200.2.2

    qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

  • CVE-2023-2162Apr 19, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

  • CVE-2023-1872Apr 12, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files

  • CVE-2023-1829Apr 12, 2023
    affected < 9-150200.2.2fixed 9-150200.2.2

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc

  • CVE-2023-1989Apr 11, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

  • CVE-2023-28464Mar 31, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

  • CVE-2022-4744Mar 30, 2023
    affected < 6-150200.2.2fixed 6-150200.2.2

    A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the

  • CVE-2023-1078Mar 27, 2023
    affected < 3-150200.2.3fixed 3-150200.2.3

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf

  • CVE-2023-0590Mar 23, 2023
    affected < 4-150200.2.2fixed 4-150200.2.2

    A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

  • CVE-2023-1281Mar 22, 2023
    affected < 5-150200.2.3fixed 5-150200.2.3

    Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l

  • CVE-2022-4095Mar 22, 2023
    affected < 1-150200.5.5.1fixed 1-150200.5.5.1

    A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.

  • CVE-2023-1390Mar 16, 2023
    affected < 6-150200.2.2fixed 6-150200.2.2

    A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in

Page 1 of 4