rpm package
suse/kernel-livepatch-SLE15-SP2_Update_52&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_52&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52854 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0 | ||
| CVE-2022-48686 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sy | ||
| CVE-2024-26800 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. | ||
| CVE-2024-26584 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES | ||
| CVE-2024-26583 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch | ||
| CVE-2023-2176 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Apr 20, 2023 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | ||
| CVE-2023-1582 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Apr 5, 2023 | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | ||
| CVE-2022-2964 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Sep 9, 2022 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | ||
| CVE-2022-20368 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Aug 11, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel | ||
| CVE-2022-0854 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Mar 23, 2022 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. |
- CVE-2023-52854May 21, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0
- CVE-2022-48686May 3, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sy
- CVE-2024-26800Apr 4, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed.
- CVE-2024-26584Feb 21, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
- CVE-2024-26583Feb 21, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
- CVE-2023-2176Apr 20, 2023affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
- CVE-2023-1582Apr 5, 2023affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
- CVE-2022-2964Sep 9, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
- CVE-2022-20368Aug 11, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
- CVE-2022-0854Mar 23, 2022affected < 1-150200.5.3.1fixed 1-150200.5.3.1
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
Page 2 of 2