VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_30&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_30&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (38)

  • CVE-2023-2176Apr 20, 2023
    affected < 6-150300.2.1fixed 6-150300.2.1

    A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.

  • CVE-2023-1829Apr 12, 2023
    affected < 7-150300.2.1fixed 7-150300.2.1

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc

  • CVE-2022-4744Mar 30, 2023
    affected < 4-150300.2.1fixed 4-150300.2.1

    A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the

  • CVE-2023-1078Mar 27, 2023
    affected < 2-150300.2.3fixed 2-150300.2.3

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf

  • CVE-2023-1077Mar 27, 2023
    affected < 6-150300.2.1fixed 6-150300.2.1

    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a

  • CVE-2023-0590Mar 23, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

  • CVE-2023-1390Mar 16, 2023
    affected < 4-150300.2.1fixed 4-150300.2.1

    A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in

  • CVE-2023-28466Mar 15, 2023
    affected < 4-150300.2.1fixed 4-150300.2.1

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2023-1118Mar 2, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-23006Mar 1, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-23000Mar 1, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.

  • CVE-2023-22998Feb 28, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).

  • CVE-2023-22995Feb 28, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.

  • CVE-2023-26545Feb 25, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0597Feb 23, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l

  • CVE-2023-23559Jan 13, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

  • CVE-2022-38096MedSep 9, 2022
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau

  • CVE-2022-36280Sep 9, 2022
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi

Page 2 of 2