VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_39&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_39&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (25)

  • CVE-2024-35950MedMay 20, 2024
    affected < 13-150200.2.1fixed 13-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo

  • CVE-2024-27398HigMay 14, 2024
    affected < 13-150200.2.1fixed 13-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection

  • CVE-2023-51779HigFeb 29, 2024
    affected < 7-150200.2.3fixed 7-150200.2.3

    bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

  • CVE-2024-1086HigKEVJan 31, 2024
    affected < 9-150200.2.1fixed 9-150200.2.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2024-0775MedJan 22, 2024
    affected < 9-150200.2.1fixed 9-150200.2.1

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

  • CVE-2023-6531HigJan 21, 2024
    affected < 7-150200.2.3fixed 7-150200.2.3

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

  • CVE-2023-5717HigOct 25, 2023
    affected < 9-150200.2.1fixed 9-150200.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-34319HigSep 22, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split

  • CVE-2023-4623HigSep 6, 2023
    affected < 3-150200.2.1fixed 3-150200.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv

  • CVE-2022-40982MedAug 11, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2023-4273MedAug 9, 2023
    affected < 2-150200.2.1fixed 2-150200.2.1

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-20569MedAug 8, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.

  • CVE-2023-4194MedAug 7, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following ups

  • CVE-2023-4133MedAug 3, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of ser

  • CVE-2023-20593MedJul 24, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

  • CVE-2023-3812HigJul 24, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on t

  • CVE-2023-3567HigJul 24, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

  • CVE-2023-3776HigJul 21, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3611HigJul 21, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes wi

  • CVE-2023-3609HigJul 21, 2023
    affected < 1-150200.5.3.2fixed 1-150200.5.3.2

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

Page 1 of 2