VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (35)

  • CVE-2024-35950MedMay 20, 2024
    affected < 14-150400.2.1fixed 14-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo

  • CVE-2024-27398HigMay 14, 2024
    affected < 14-150400.2.1fixed 14-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection

  • CVE-2022-48651HigApr 28, 2024
    affected < 11-150400.2.1fixed 11-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit()

  • CVE-2024-26766MedApr 3, 2024
    affected < 11-150400.2.1fixed 11-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `

  • CVE-2024-26610HigMar 11, 2024
    affected < 11-150400.2.1fixed 11-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2024-26622HigMar 4, 2024
    affected < 10-150400.2.1fixed 10-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot

  • CVE-2023-52502MedMar 2, 2024
    affected < 11-150400.2.1fixed 11-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s

  • CVE-2024-26585MedFeb 21, 2024
    affected < 11-150400.2.1fixed 11-150400.2.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

  • CVE-2024-1086HigKEVJan 31, 2024
    affected < 10-150400.2.1fixed 10-150400.2.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2024-0775MedJan 22, 2024
    affected < 10-150400.2.1fixed 10-150400.2.1

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

  • CVE-2023-6546HigDec 21, 2023
    affected < 11-150400.2.1fixed 11-150400.2.1

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci

  • CVE-2023-6931HigDec 19, 2023
    affected < 11-150400.2.1fixed 11-150400.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme

  • CVE-2023-5717HigOct 25, 2023
    affected < 10-150400.2.1fixed 10-150400.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-4273MedAug 9, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si

  • CVE-2023-3776HigJul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b

  • CVE-2023-3609HigJul 21, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf

  • CVE-2023-35001HigJul 5, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-31248HigJul 5, 2023
    affected < 3-150400.2.1fixed 3-150400.2.1

    Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-3358MedJun 28, 2023
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.

  • CVE-2023-3357MedJun 28, 2023
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.

Page 1 of 2