VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_33&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_33&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (29)

  • CVE-2023-6932HigDec 19, 2023
    affected < 11-150200.2.2fixed 11-150200.2.2

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-6176Nov 16, 2023
    affected < 11-150200.2.2fixed 11-150200.2.2

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-4273Aug 9, 2023
    affected < 8-150200.2.2fixed 8-150200.2.2

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-3812Jul 24, 2023
    affected < 8-150200.2.2fixed 8-150200.2.2

    An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on t

  • CVE-2023-3776Jul 21, 2023
    affected < 8-150200.2.2fixed 8-150200.2.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3609Jul 21, 2023
    affected < 8-150200.2.2fixed 8-150200.2.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-31436Apr 28, 2023
    affected < 5-150200.2.2fixed 5-150200.2.2

    qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

  • CVE-2023-1829Apr 12, 2023
    affected < 8-150200.2.2fixed 8-150200.2.2

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc

  • CVE-2022-4744Mar 30, 2023
    affected < 5-150200.2.2fixed 5-150200.2.2

    A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the

  • CVE-2023-1078Mar 27, 2023
    affected < 2-150200.2.3fixed 2-150200.2.3

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf

  • CVE-2023-1390Mar 16, 2023
    affected < 5-150200.2.2fixed 5-150200.2.2

    A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in

  • CVE-2023-28466Mar 15, 2023
    affected < 5-150200.2.2fixed 5-150200.2.2

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2023-26545Feb 25, 2023
    affected < 2-150200.2.3fixed 2-150200.2.3

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0266KEVJan 30, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin

  • CVE-2022-47929Jan 17, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff

  • CVE-2023-23455Jan 12, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2023-23454Jan 12, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2022-4662Dec 22, 2022
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

  • CVE-2022-47520Dec 18, 2022
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink

  • CVE-2022-3115Dec 14, 2022
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.

Page 1 of 2