VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5_Update_7&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (34)

  • CVE-2024-23307MedJan 25, 2024
    affected < 9-150500.2.1fixed 9-150500.2.1

    Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

  • CVE-2023-6531Jan 21, 2024
    affected < 4-150500.2.3fixed 4-150500.2.3

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

  • CVE-2023-34324Jan 5, 2024
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. t

  • CVE-2023-51780Dec 25, 2023
    affected < 3-150500.2.1fixed 3-150500.2.1

    An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

  • CVE-2023-6932HigDec 19, 2023
    affected < 2-150500.2.1fixed 2-150500.2.1

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-6176Nov 16, 2023
    affected < 2-150500.2.1fixed 2-150500.2.1

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-5178Nov 1, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote c

  • CVE-2023-46813Oct 27, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to ke

  • CVE-2023-39193Oct 9, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.

  • CVE-2023-39189Oct 9, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform

  • CVE-2023-39191Oct 4, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalat

  • CVE-2023-2163Sep 20, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.

  • CVE-2023-3777Sep 6, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release

  • CVE-2023-31085Apr 24, 2023
    affected < 1-150500.11.5.1fixed 1-150500.11.5.1

    An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.

Page 2 of 2