rpm package
suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (35)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3358 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 28, 2023 | A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. | ||
| CVE-2023-3357 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 28, 2023 | A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. | ||
| CVE-2023-3212 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 23, 2023 | A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this f | ||
| CVE-2023-35829 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. | ||
| CVE-2023-35828 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | ||
| CVE-2023-35823 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | ||
| CVE-2023-35788 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 16, 2023 | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | ||
| CVE-2023-3161 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 12, 2023 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. | ||
| CVE-2023-3141 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 9, 2023 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | ||
| CVE-2023-3111 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | ||
| CVE-2023-21102 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | May 15, 2023 | In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr | ||
| CVE-2023-2156 | — | < 2-150400.2.1 | 2-150400.2.1 | May 9, 2023 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create | ||
| CVE-2023-1829 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Apr 12, 2023 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc | ||
| CVE-2023-1077 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Mar 27, 2023 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a | ||
| CVE-2023-1249 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. |
- CVE-2023-3358Jun 28, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
- CVE-2023-3357Jun 28, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.
- CVE-2023-3212Jun 23, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this f
- CVE-2023-35829Jun 18, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
- CVE-2023-35828Jun 18, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
- CVE-2023-35823Jun 18, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
- CVE-2023-35788Jun 16, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
- CVE-2023-3161Jun 12, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
- CVE-2023-3141Jun 9, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-3111Jun 5, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-21102May 15, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr
- CVE-2023-2156May 9, 2023affected < 2-150400.2.1fixed 2-150400.2.1
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create
- CVE-2023-1829Apr 12, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
- CVE-2023-1077Mar 27, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a
- CVE-2023-1249Mar 23, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
Page 2 of 2