VYPR

rpm package

suse/kernel-livepatch-SLE15_Update_33&distro=SUSE Linux Enterprise Live Patching 15

pkg:rpm/suse/kernel-livepatch-SLE15_Update_33&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Vulnerabilities (18)

  • CVE-2022-2588Jan 8, 2024
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

  • CVE-2022-4378Jan 5, 2023
    affected < 2-150000.2.1fixed 2-150000.2.1

    A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-43945HigNov 4, 2022
    affected < 2-150000.2.1fixed 2-150000.2.1

    The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c

  • CVE-2022-3586Oct 19, 2022
    affected < 2-150000.2.1fixed 2-150000.2.1

    A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra

  • CVE-2022-3545Oct 17, 2022
    affected < 2-150000.2.1fixed 2-150000.2.1

    A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re

  • CVE-2022-41218Sep 21, 2022
    affected < 2-150000.2.1fixed 2-150000.2.1

    In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

  • CVE-2022-2977Sep 14, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate priv

  • CVE-2022-39188Sep 2, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

  • CVE-2022-2639Sep 1, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an

  • CVE-2022-2663Sep 1, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

  • CVE-2022-3028Aug 31, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory

  • CVE-2022-21385Aug 29, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  • CVE-2022-26373Aug 18, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

  • CVE-2022-20368Aug 11, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel

  • CVE-2022-20369Aug 11, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

  • CVE-2022-36879Jul 27, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

  • CVE-2021-4203Mar 25, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

  • CVE-2020-36516Feb 26, 2022
    affected < 1-150000.1.3.1fixed 1-150000.1.3.1

    An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.