rpm package

suse/kernel-livepatch-SLE15-SP3_Update_16&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (70)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-30594	—	< 6-150300.2.2	6-150300.2.2	May 12, 2022	The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1048	—	< 6-150300.2.2	6-150300.2.2	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280	—	< 5-150300.2.1	5-150300.2.1	Apr 13, 2022	A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-28389	—	< 9-150300.2.2	9-150300.2.2	Apr 3, 2022	mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390	—	< 9-150300.2.2	9-150300.2.2	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055	—	< 3-150300.2.1	3-150300.2.1	Mar 29, 2022	A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-27666	—	< 2-150300.2.1	2-150300.2.1	Mar 23, 2022	A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-1011	—	< 3-150300.2.1	3-150300.2.1	Mar 18, 2022	A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39698	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 16, 2022	In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2022-26966	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 12, 2022	An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-23042	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-26490	—	< 1-150300.7.5.3	1-150300.7.5.3	Mar 6, 2022	st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2020-36516	—	< 10-150300.2.2	10-150300.2.2	Feb 26, 2022	An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVE-2022-25636	—	< 1-150300.7.5.3	1-150300.7.5.3	Feb 22, 2022	net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

CVE-2022-30594May 12, 2022
affected < 6-150300.2.2fixed 6-150300.2.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1048Apr 29, 2022
affected < 6-150300.2.2fixed 6-150300.2.2
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280Apr 13, 2022
affected < 5-150300.2.1fixed 5-150300.2.1
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-28389Apr 3, 2022
affected < 9-150300.2.2fixed 9-150300.2.2
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390Apr 3, 2022
affected < 9-150300.2.2fixed 9-150300.2.2
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055Mar 29, 2022
affected < 3-150300.2.1fixed 3-150300.2.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-27666Mar 23, 2022
affected < 2-150300.2.1fixed 2-150300.2.1
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-1011Mar 18, 2022
affected < 3-150300.2.1fixed 3-150300.2.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39698Mar 16, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2022-26966Mar 12, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-23042Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036Mar 10, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-26490Mar 6, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2020-36516Feb 26, 2022
affected < 10-150300.2.2fixed 10-150300.2.2
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
CVE-2022-25636Feb 22, 2022
affected < 1-150300.7.5.3fixed 1-150300.7.5.3
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.

Page 3 of 4