rpm package

suse/kernel-livepatch-SLE15-SP3_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (61)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-28390	—		< 11-150300.2.2	11-150300.2.2	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055	—		< 5-150300.2.1	5-150300.2.1	Mar 29, 2022	A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0435	—		< 1-150300.7.3.1	1-150300.7.3.1	Mar 25, 2022	A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330	—		< 1-150300.7.3.1	1-150300.7.3.1	Mar 25, 2022	A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-27666	—		< 4-150300.2.1	4-150300.2.1	Mar 23, 2022	A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-1011	—		< 5-150300.2.1	5-150300.2.1	Mar 18, 2022	A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39698	—		< 4-150300.2.1	4-150300.2.1	Mar 16, 2022	In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2021-39685	—		< 1-150300.7.3.1	1-150300.7.3.1	Mar 16, 2022	In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
CVE-2022-0516	—		< 2-150300.2.1	2-150300.2.1	Mar 8, 2022	A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri
CVE-2022-26490	—		< 11-150300.2.2	11-150300.2.2	Mar 6, 2022	st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2022-0492	—		< 3-150300.2.1	3-150300.2.1	Mar 3, 2022	A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte
CVE-2020-36516	—		< 12-150300.2.2	12-150300.2.2	Feb 26, 2022	An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVE-2022-25636	—		< 3-150300.2.1	3-150300.2.1	Feb 22, 2022	net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2022-0286	—		< 1-150300.7.3.1	1-150300.7.3.1	Jan 31, 2022	A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2021-22600	—	KEV	< 1-150300.7.3.1	1-150300.7.3.1	Jan 26, 2022	A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
CVE-2021-44733	—		< 1-150300.7.3.1	1-150300.7.3.1	Dec 22, 2021	A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-45095	—		< 1-150300.7.3.1	1-150300.7.3.1	Dec 16, 2021	pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
CVE-2021-39657	—		< 1-150300.7.3.1	1-150300.7.3.1	Dec 15, 2021	In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:
CVE-2021-39648	—		< 1-150300.7.3.1	1-150300.7.3.1	Dec 15, 2021	In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio
CVE-2021-0920	—	KEV	< 2-150300.2.1	2-150300.2.1	Dec 15, 2021	In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro

CVE-2022-28390Apr 3, 2022
affected < 11-150300.2.2fixed 11-150300.2.2
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055Mar 29, 2022
affected < 5-150300.2.1fixed 5-150300.2.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0435Mar 25, 2022
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330Mar 25, 2022
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-27666Mar 23, 2022
affected < 4-150300.2.1fixed 4-150300.2.1
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-1011Mar 18, 2022
affected < 5-150300.2.1fixed 5-150300.2.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39698Mar 16, 2022
affected < 4-150300.2.1fixed 4-150300.2.1
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2021-39685Mar 16, 2022
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
CVE-2022-0516Mar 8, 2022
affected < 2-150300.2.1fixed 2-150300.2.1
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions pri
CVE-2022-26490Mar 6, 2022
affected < 11-150300.2.2fixed 11-150300.2.2
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2022-0492Mar 3, 2022
affected < 3-150300.2.1fixed 3-150300.2.1
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte
CVE-2020-36516Feb 26, 2022
affected < 12-150300.2.2fixed 12-150300.2.2
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVE-2022-25636Feb 22, 2022
affected < 3-150300.2.1fixed 3-150300.2.1
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2022-0286Jan 31, 2022
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2021-22600KEVJan 26, 2022
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
CVE-2021-44733Dec 22, 2021
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVE-2021-45095Dec 16, 2021
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
CVE-2021-39657Dec 15, 2021
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:
CVE-2021-39648Dec 15, 2021
affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio
CVE-2021-0920KEVDec 15, 2021
affected < 2-150300.2.1fixed 2-150300.2.1
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro

Page 3 of 4