VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4-RT_Update_8&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4-RT_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (37)

  • CVE-2023-4273MedAug 9, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-3776HigJul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3609HigJul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-35001HigJul 5, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-31248HigJul 5, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-3090HigJun 28, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_

  • CVE-2023-35828HigJun 18, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.

  • CVE-2023-35823HigJun 18, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.

  • CVE-2023-35788HigJun 16, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.

  • CVE-2023-3161MedJun 12, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.

  • CVE-2023-3141HigJun 9, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.

  • CVE-2023-3006MedMay 31, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer

  • CVE-2023-2002MedMay 26, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil

  • CVE-2023-33288MedMay 22, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.

  • CVE-2023-2124HigMay 15, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2023-21102HigMay 15, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr

  • CVE-2023-28410HigMay 10, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2023-2156HigMay 9, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create

  • CVE-2023-2513MedMay 8, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.

  • CVE-2023-32233HigMay 8, 2023
    affected < 1-150400.1.9.2fixed 1-150400.1.9.2

    In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mis

Page 1 of 2