VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (114)

  • CVE-2022-48651HigApr 28, 2024
    affected < 12-150500.2.1fixed 12-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit()

  • CVE-2024-26852HigApr 17, 2024
    affected < 13-150500.2.1fixed 13-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") w

  • CVE-2024-26766MedApr 3, 2024
    affected < 12-150500.2.1fixed 12-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `

  • CVE-2023-52628HigMar 28, 2024
    affected < 13-150500.2.1fixed 13-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c

  • CVE-2024-26610HigMar 11, 2024
    affected < 12-150500.2.1fixed 12-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2024-26622HigMar 4, 2024
    affected < 10-150500.2.1fixed 10-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot

  • CVE-2023-52502MedMar 2, 2024
    affected < 12-150500.2.1fixed 12-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s

  • CVE-2023-51779HigFeb 29, 2024
    affected < 8-150500.2.2fixed 8-150500.2.2

    bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

  • CVE-2024-26585MedFeb 21, 2024
    affected < 12-150500.2.1fixed 12-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

  • CVE-2024-1086HigKEVJan 31, 2024
    affected < 10-150500.2.1fixed 10-150500.2.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2024-0775MedJan 22, 2024
    affected < 10-150500.2.1fixed 10-150500.2.1

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

  • CVE-2023-6531HigJan 21, 2024
    affected < 8-150500.2.2fixed 8-150500.2.2

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

  • CVE-2023-6546HigDec 21, 2023
    affected < 12-150500.2.1fixed 12-150500.2.1

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci

  • CVE-2023-6932HigDec 19, 2023
    affected < 6-150500.2.1fixed 6-150500.2.1

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-6931HigDec 19, 2023
    affected < 12-150500.2.1fixed 12-150500.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme

  • CVE-2023-6176MedNov 16, 2023
    affected < 6-150500.2.1fixed 6-150500.2.1

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-5178HigNov 1, 2023
    affected < 6-150500.2.1fixed 6-150500.2.1

    A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote c

  • CVE-2023-46813HigOct 27, 2023
    affected < 8-150500.2.2fixed 8-150500.2.2

    An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to ke

  • CVE-2023-5717HigOct 25, 2023
    affected < 10-150500.2.1fixed 10-150500.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-39191HigOct 4, 2023
    affected < 8-150500.2.2fixed 8-150500.2.2

    An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalat

Page 1 of 6