rpm package
suse/kernel-livepatch-SLE15-SP4_Update_7&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-1078 | — | < 3-150400.2.3 | 3-150400.2.3 | Mar 27, 2023 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf | ||
| CVE-2023-26545 | — | < 3-150400.2.3 | 3-150400.2.3 | Feb 25, 2023 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | ||
| CVE-2023-0266 | — | KEV | < 3-150400.2.3 | 3-150400.2.3 | Jan 30, 2023 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin | |
| CVE-2022-4379 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jan 10, 2023 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial | ||
| CVE-2022-4662 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | ||
| CVE-2022-47520 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 18, 2022 | An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink | ||
| CVE-2022-3115 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3114 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3113 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3112 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3111 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger(). | ||
| CVE-2022-3108 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | ||
| CVE-2022-3107 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | ||
| CVE-2022-3106 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc(). | ||
| CVE-2022-3105 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | ||
| CVE-2022-3104 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3344 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Oct 24, 2022 | A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). | ||
| CVE-2022-3564 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Oct 17, 2022 | A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to |
- CVE-2023-1078Mar 27, 2023affected < 3-150400.2.3fixed 3-150400.2.3
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_inf
- CVE-2023-26545Feb 25, 2023affected < 3-150400.2.3fixed 3-150400.2.3
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
- affected < 3-150400.2.3fixed 3-150400.2.3
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin
- CVE-2022-4379Jan 10, 2023affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial
- CVE-2022-4662Dec 22, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- CVE-2022-47520Dec 18, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink
- CVE-2022-3115Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3114Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.
- CVE-2022-3113Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.
- CVE-2022-3112Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3111Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
- CVE-2022-3108Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
- CVE-2022-3107Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
- CVE-2022-3106Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
- CVE-2022-3105Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
- CVE-2022-3104Dec 14, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.
- CVE-2022-3344Oct 24, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).
- CVE-2022-3564Oct 17, 2022affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to