rpm package

suse/kernel-livepatch-SLE15_Update_34&distro=SUSE Linux Enterprise Live Patching 15

pkg:rpm/suse/kernel-livepatch-SLE15_Update_34&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015

Vulnerabilities (9)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-4378		—	< 2-150000.2.1	2-150000.2.1	Jan 5, 2023	A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-43945	Hig	7.5	< 2-150000.2.1	2-150000.2.1	Nov 4, 2022	The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-3586		—	< 2-150000.2.1	2-150000.2.1	Oct 19, 2022	A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
CVE-2022-3545		—	< 2-150000.2.1	2-150000.2.1	Oct 17, 2022	A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re
CVE-2022-41848		—	< 1-150000.1.3.1	1-150000.1.3.1	Sep 30, 2022	drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
CVE-2022-3303		—	< 1-150000.1.3.1	1-150000.1.3.1	Sep 27, 2022	A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system,
CVE-2022-41218		—	< 1-150000.1.3.1	1-150000.1.3.1	Sep 21, 2022	In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-3239		—	< 1-150000.1.3.1	1-150000.1.3.1	Sep 19, 2022	A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-2503		—	< 1-150000.1.3.1	1-150000.1.3.1	Aug 12, 2022	Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equiva

CVE-2022-4378Jan 5, 2023
affected < 2-150000.2.1fixed 2-150000.2.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-43945HigNov 4, 2022
affected < 2-150000.2.1fixed 2-150000.2.1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-3586Oct 19, 2022
affected < 2-150000.2.1fixed 2-150000.2.1
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
CVE-2022-3545Oct 17, 2022
affected < 2-150000.2.1fixed 2-150000.2.1
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re
CVE-2022-41848Sep 30, 2022
affected < 1-150000.1.3.1fixed 1-150000.1.3.1
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
CVE-2022-3303Sep 27, 2022
affected < 1-150000.1.3.1fixed 1-150000.1.3.1
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system,
CVE-2022-41218Sep 21, 2022
affected < 1-150000.1.3.1fixed 1-150000.1.3.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-3239Sep 19, 2022
affected < 1-150000.1.3.1fixed 1-150000.1.3.1
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-2503Aug 12, 2022
affected < 1-150000.1.3.1fixed 1-150000.1.3.1
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equiva