VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_38&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_38&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (27)

  • CVE-2023-3268Jun 16, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.

  • CVE-2023-3161Jun 12, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

  • CVE-2023-3159Jun 12, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.

  • CVE-2023-3141Jun 9, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

  • CVE-2023-2002May 26, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil

  • CVE-2023-1077Mar 27, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a

  • CVE-2023-1249Mar 23, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.

Page 2 of 2