rpm package
suse/kernel-livepatch-SLE15_Update_31&distro=SUSE Linux Enterprise Live Patching 15
pkg:rpm/suse/kernel-livepatch-SLE15_Update_31&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-20154 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Jun 15, 2022 | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: | ||
| CVE-2022-20141 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Jun 15, 2022 | In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product | ||
| CVE-2022-20132 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Jun 15, 2022 | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n | ||
| CVE-2022-1679 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | May 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2021-4157 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Mar 25, 2022 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg | ||
| CVE-2021-26341 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Mar 11, 2022 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||
| CVE-2020-36516 | — | < 2-150000.2.1 | 2-150000.2.1 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2020-26541 | — | < 1-150000.1.3.1 | 1-150000.1.3.1 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. |
- CVE-2022-20154Jun 15, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
- CVE-2022-20141Jun 15, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product
- CVE-2022-20132Jun 15, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n
- CVE-2022-1679May 16, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2021-4157Mar 25, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
- CVE-2021-26341Mar 11, 2022affected < 1-150000.1.3.1fixed 1-150000.1.3.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
- CVE-2020-36516Feb 26, 2022affected < 2-150000.2.1fixed 2-150000.2.1
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2020-26541Oct 2, 2020affected < 1-150000.1.3.1fixed 1-150000.1.3.1
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
Page 2 of 2