rpm package
suse/kernel-livepatch-SLE15_Update_35&distro=SUSE Linux Enterprise Live Patching 15
pkg:rpm/suse/kernel-livepatch-SLE15_Update_35&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
Vulnerabilities (36)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3586 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 19, 2022 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra | |
| CVE-2022-3594 | Med | 5.3 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 18, 2022 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched r | |
| CVE-2022-3567 | Med | 4.6 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 17, 2022 | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD | |
| CVE-2022-3565 | Med | 4.6 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 17, 2022 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch | |
| CVE-2022-3545 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 17, 2022 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re | |
| CVE-2022-3524 | Med | 4.3 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 16, 2022 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply | |
| CVE-2022-3521 | Low | 2.6 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 16, 2022 | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD | |
| CVE-2022-42703 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Oct 9, 2022 | mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. | |
| CVE-2022-41850 | Med | 4.7 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Sep 30, 2022 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | |
| CVE-2022-40768 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Sep 18, 2022 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | |
| CVE-2022-3169 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Sep 9, 2022 | A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect. | |
| CVE-2022-2964 | Hig | 7.8 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Sep 9, 2022 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | |
| CVE-2022-40307 | Med | 4.7 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Sep 9, 2022 | An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. | |
| CVE-2022-2153 | Med | 5.5 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Aug 31, 2022 | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl | |
| CVE-2021-4037 | Hig | 7.8 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Aug 24, 2022 | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a direct | |
| CVE-2022-33981 | Low | 3.3 | < 1-150000.1.5.1 | 1-150000.1.5.1 | Jun 18, 2022 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched r
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is re
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a direct
- affected < 1-150000.1.5.1fixed 1-150000.1.5.1
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
Page 2 of 2