VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4_Update_21&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (33)

  • CVE-2023-6932HigDec 19, 2023
    affected < 2-150400.2.1fixed 2-150400.2.1

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-6931HigDec 19, 2023
    affected < 8-150400.2.1fixed 8-150400.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme

  • CVE-2023-6176Nov 16, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-39198Nov 9, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the ret

  • CVE-2023-6039Nov 9, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

  • CVE-2023-46862Oct 29, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

  • CVE-2023-5717Oct 25, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-45871Oct 15, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

  • CVE-2023-45863Oct 14, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

  • CVE-2023-5158Sep 25, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.

  • CVE-2023-4244Sep 6, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to under

  • CVE-2023-25775Aug 11, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2023-2006Apr 24, 2023
    affected < 1-150400.9.3.2fixed 1-150400.9.3.2

    A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary cod

Page 2 of 2