rpm package

suse/kernel-livepatch-SLE15-SP4-RT_Update_5&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4-RT_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (33)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-23004		—	< 1-150400.1.3.1	1-150400.1.3.1	Mar 1, 2023	In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-23000		—	< 1-150400.1.3.1	1-150400.1.3.1	Mar 1, 2023	In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.
CVE-2023-0461		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 28, 2023	There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
CVE-2023-22998		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 28, 2023	In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-22995		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 28, 2023	In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
CVE-2023-1095		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 28, 2023	In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
CVE-2023-26545		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 25, 2023	In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-0597		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 23, 2023	A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
CVE-2023-25012		—	< 1-150400.1.3.1	1-150400.1.3.1	Feb 1, 2023	The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2023-23559		—	< 1-150400.1.3.1	1-150400.1.3.1	Jan 13, 2023	In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
CVE-2023-23454		—	< 3-150400.2.2	3-150400.2.2	Jan 12, 2023	cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-3523		—	< 1-150400.1.3.1	1-150400.1.3.1	Oct 16, 2022	A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to
CVE-2022-38096	Med	6.3	< 1-150400.1.3.1	1-150400.1.3.1	Sep 9, 2022	A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau

CVE-2023-23004Mar 1, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-23000Mar 1, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.
CVE-2023-0461Feb 28, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
CVE-2023-22998Feb 28, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).
CVE-2023-22995Feb 28, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.
CVE-2023-1095Feb 28, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
CVE-2023-26545Feb 25, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-0597Feb 23, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
CVE-2023-25012Feb 1, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2023-23559Jan 13, 2023
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
CVE-2023-23454Jan 12, 2023
affected < 3-150400.2.2fixed 3-150400.2.2
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-3523Oct 16, 2022
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to
CVE-2022-38096MedSep 9, 2022
affected < 1-150400.1.3.1fixed 1-150400.1.3.1
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau

Page 2 of 2