VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_35&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_35&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (30)

  • CVE-2023-3776Jul 21, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3611Jul 21, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes wi

  • CVE-2023-3609Jul 21, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-35001Jul 5, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-31248Jul 5, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-3390Jun 28, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This fl

  • CVE-2023-2985Jun 1, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.

  • CVE-2023-0459May 25, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi

  • CVE-2023-2156May 9, 2023
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create

  • CVE-2023-1829Apr 12, 2023
    affected < 2-150300.2.1fixed 2-150300.2.1

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc

Page 2 of 2