rpm package
suse/kernel-livepatch-SLE15-SP3_Update_26&distro=SUSE Linux Enterprise Live Patching 15 SP3
pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_26&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2602 | — | < 3-150300.2.1 | 3-150300.2.1 | Jan 8, 2024 | io_uring UAF, Unix SCM garbage collection | ||
| CVE-2023-35788 | — | < 9-150300.2.2 | 9-150300.2.2 | Jun 16, 2023 | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | ||
| CVE-2023-2002 | — | < 9-150300.2.2 | 9-150300.2.2 | May 26, 2023 | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil | ||
| CVE-2023-0179 | — | < 4-150300.2.1 | 4-150300.2.1 | Mar 27, 2023 | A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. | ||
| CVE-2022-3424 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | ||
| CVE-2022-4139 | — | < 2-150300.2.1 | 2-150300.2.1 | Jan 27, 2023 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | ||
| CVE-2022-4378 | — | < 2-150300.2.1 | 2-150300.2.1 | Jan 5, 2023 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2022-43945 | Hig | 7.5 | < 2-150300.2.1 | 2-150300.2.1 | Nov 4, 2022 | The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c | |
| CVE-2022-43750 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 26, 2022 | drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory. | ||
| CVE-2022-3649 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 21, 2022 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended | ||
| CVE-2022-3646 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 21, 2022 | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r | ||
| CVE-2022-3640 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 21, 2022 | A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. | ||
| CVE-2022-3629 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 21, 2022 | A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears | ||
| CVE-2022-3625 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 21, 2022 | A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix | ||
| CVE-2022-3621 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 20, 2022 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack rem | ||
| CVE-2022-3577 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 20, 2022 | An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect ass | ||
| CVE-2022-3586 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 19, 2022 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra | ||
| CVE-2022-3594 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 18, 2022 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched r | ||
| CVE-2022-3565 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Oct 17, 2022 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch | ||
| CVE-2022-3564 | — | < 4-150300.2.1 | 4-150300.2.1 | Oct 17, 2022 | A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to |
- CVE-2022-2602Jan 8, 2024affected < 3-150300.2.1fixed 3-150300.2.1
io_uring UAF, Unix SCM garbage collection
- CVE-2023-35788Jun 16, 2023affected < 9-150300.2.2fixed 9-150300.2.2
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
- CVE-2023-2002May 26, 2023affected < 9-150300.2.2fixed 9-150300.2.2
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
- CVE-2023-0179Mar 27, 2023affected < 4-150300.2.1fixed 4-150300.2.1
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
- CVE-2022-3424Mar 6, 2023affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- CVE-2022-4139Jan 27, 2023affected < 2-150300.2.1fixed 2-150300.2.1
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
- CVE-2022-4378Jan 5, 2023affected < 2-150300.2.1fixed 2-150300.2.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- affected < 2-150300.2.1fixed 2-150300.2.1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
- CVE-2022-43750Oct 26, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
- CVE-2022-3649Oct 21, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended
- CVE-2022-3646Oct 21, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r
- CVE-2022-3640Oct 21, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue.
- CVE-2022-3629Oct 21, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears
- CVE-2022-3625Oct 21, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix
- CVE-2022-3621Oct 20, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack rem
- CVE-2022-3577Oct 20, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect ass
- CVE-2022-3586Oct 19, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
- CVE-2022-3594Oct 18, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched r
- CVE-2022-3565Oct 17, 2022affected < 1-150300.7.3.1fixed 1-150300.7.3.1
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch
- CVE-2022-3564Oct 17, 2022affected < 4-150300.2.1fixed 4-150300.2.1
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to
Page 1 of 2