VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5_Update_8&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (39)

  • CVE-2024-1085Jan 31, 2024
    affected < 5-150500.2.1fixed 5-150500.2.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the

  • CVE-2023-39197Jan 23, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.

  • CVE-2024-0565Jan 15, 2024
    affected < 5-150500.2.1fixed 5-150500.2.1

    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.

  • CVE-2023-51780Dec 25, 2023
    affected < 3-150500.2.1fixed 3-150500.2.1

    An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

  • CVE-2023-6546Dec 21, 2023
    affected < 7-150500.2.1fixed 7-150500.2.1

    A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci

  • CVE-2023-6932HigDec 19, 2023
    affected < 2-150500.2.1fixed 2-150500.2.1

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-6931HigDec 19, 2023
    affected < 8-150500.2.1fixed 8-150500.2.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme

  • CVE-2023-6176Nov 16, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escal

  • CVE-2023-39198Nov 9, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the ret

  • CVE-2023-6039Nov 9, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.

  • CVE-2023-46862Oct 29, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.

  • CVE-2023-5717Oct 25, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i

  • CVE-2023-5633Oct 23, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unp

  • CVE-2023-45871Oct 15, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.

  • CVE-2023-45863Oct 14, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.

  • CVE-2023-5158Sep 25, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.

  • CVE-2023-4244Sep 6, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to under

  • CVE-2023-25775Aug 11, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

  • CVE-2023-2006Apr 24, 2023
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary cod

Page 2 of 2