VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4-RT_Update_2&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4-RT_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (24)

  • CVE-2023-5345HigOct 3, 2023
    affected < 11-150400.2.2fixed 11-150400.2.2

    A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We

  • CVE-2023-2163CriSep 20, 2023
    affected < 11-150400.2.2fixed 11-150400.2.2

    Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

  • CVE-2023-4622HigSep 6, 2023
    affected < 11-150400.2.2fixed 11-150400.2.2

    A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni

  • CVE-2023-3777HigSep 6, 2023
    affected < 11-150400.2.2fixed 11-150400.2.2

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release

  • CVE-2023-3610HigJul 21, 2023
    affected < 11-150400.2.2fixed 11-150400.2.2

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET

  • CVE-2023-31436HigApr 28, 2023
    affected < 6-150400.2.2fixed 6-150400.2.2

    qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

  • CVE-2023-1078HigMar 27, 2023
    affected < 3-150400.2.3fixed 3-150400.2.3

    A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf

  • CVE-2023-28466HigMar 16, 2023
    affected < 6-150400.2.2fixed 6-150400.2.2

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2023-26545MedFeb 25, 2023
    affected < 3-150400.2.3fixed 3-150400.2.3

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-23455MedJan 12, 2023
    affected < 6-150400.2.2fixed 6-150400.2.2

    atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).

  • CVE-2022-4379HigJan 10, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial

  • CVE-2022-4662MedDec 22, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

  • CVE-2022-47520HigDec 18, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink

  • CVE-2022-3115MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.

  • CVE-2022-3113MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.

  • CVE-2022-3112MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.

  • CVE-2022-3111MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().

  • CVE-2022-3108MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().

  • CVE-2022-3107MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.

  • CVE-2022-3106MedDec 14, 2022
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().

Page 1 of 2