VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_41&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_41&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (46)

  • CVE-2024-35861May 19, 2024
    affected < 11-150300.2.1fixed 11-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

  • CVE-2024-35789HigMay 17, 2024
    affected < 17-150300.2.1fixed 17-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can c

  • CVE-2024-27398May 13, 2024
    affected < 9-150300.2.1fixed 9-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection

  • CVE-2022-48651Apr 28, 2024
    affected < 6-150300.2.1fixed 6-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit()

  • CVE-2024-26622Mar 4, 2024
    affected < 5-150300.2.1fixed 5-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot

  • CVE-2023-52502Mar 2, 2024
    affected < 6-150300.2.1fixed 6-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s

  • CVE-2024-26610Feb 29, 2024
    affected < 6-150300.2.1fixed 6-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2024-26585Feb 21, 2024
    affected < 6-150300.2.1fixed 6-150300.2.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

  • CVE-2023-6536Feb 7, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6535Feb 7, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6356Feb 7, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni

  • CVE-2024-1086KEVJan 31, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2023-46838Jan 29, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are

  • CVE-2023-51043Jan 23, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

  • CVE-2024-0775Jan 22, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

  • CVE-2023-6531Jan 21, 2024
    affected < 3-150300.2.3fixed 3-150300.2.3

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

  • CVE-2021-33631Jan 18, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.

  • CVE-2024-0565Jan 15, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

  • CVE-2023-6915Jan 15, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.

  • CVE-2023-6040Jan 12, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_