VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4-RT_Update_9&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4-RT_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (13)

  • CVE-2023-4273Aug 9, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-3776Jul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3609Jul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-35001Jul 5, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-31248Jul 5, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-3389Jun 28, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526

  • CVE-2023-3090Jun 28, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_

  • CVE-2023-3358Jun 28, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.

  • CVE-2023-3357Jun 28, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.

  • CVE-2023-3212Jun 23, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this f

  • CVE-2023-3111Jun 5, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

  • CVE-2023-2156May 9, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create

  • CVE-2023-1829Apr 12, 2023
    affected < 1-150400.1.3.1fixed 1-150400.1.3.1

    A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc