VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_34&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_34&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (29)

  • CVE-2023-35788Jun 16, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

  • CVE-2023-3268Jun 16, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.

  • CVE-2023-3161Jun 12, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

  • CVE-2023-3159Jun 12, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.

  • CVE-2023-3141Jun 9, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

  • CVE-2023-2002May 26, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil

  • CVE-2023-2156May 9, 2023
    affected < 2-150300.2.1fixed 2-150300.2.1

    A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create

  • CVE-2023-1077Mar 27, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a

  • CVE-2023-1249Mar 23, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.

Page 2 of 2