VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_40&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_40&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (21)

  • CVE-2023-4134MedNov 14, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of ser

  • CVE-2023-52340HigJul 5, 2024
    affected < 7-150200.2.1fixed 7-150200.2.1

    The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

  • CVE-2021-47383HigMay 21, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens when a userspace program does an ioctl FBIOPUT_VSCREENINFO passing the fb_var_screeninfo struct containing only the fields xres, yres, and bi

  • CVE-2024-26923MedApr 25, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM

  • CVE-2024-26828MedApr 17, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b

  • CVE-2024-23307MedJan 25, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

  • CVE-2024-0565MedJan 15, 2024
    affected < 7-150200.2.1fixed 7-150200.2.1

    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

  • CVE-2023-42753HigSep 25, 2023
    affected < 7-150200.2.1fixed 7-150200.2.1

    An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss

  • CVE-2023-4623HigSep 6, 2023
    affected < 2-150200.2.1fixed 2-150200.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv

  • CVE-2023-4459MedAug 21, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sani

  • CVE-2023-4387HigAug 16, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all,

  • CVE-2023-4385MedAug 16, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.

  • CVE-2023-4273MedAug 9, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-20588MedAug 8, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

  • CVE-2023-4132MedAug 3, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.

  • CVE-2023-3772MedJul 25, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s

  • CVE-2023-3863MedJul 24, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.

  • CVE-2023-21400MedJul 13, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-2007HigApr 24, 2023
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in t

  • CVE-2023-1829HigApr 12, 2023
    affected < 2-150200.2.1fixed 2-150200.2.1

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc

Page 1 of 2

VYPR — Vulnerability Intelligence