rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Real Time 15 SP3

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3

Vulnerabilities (122)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-28693	Med	4.7	< 5.3.18-150300.59.106.1	5.3.18-150300.59.106.1	Feb 14, 2025	Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-2602		—	< 5.3.18-150300.59.106.1	5.3.18-150300.59.106.1	Jan 8, 2024	io_uring UAF, Unix SCM garbage collection
CVE-2023-3090		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 28, 2023	A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_
CVE-2023-3358		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 28, 2023	A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVE-2023-35828		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 18, 2023	An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
CVE-2023-35824		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 18, 2023	An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-35823		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 18, 2023	An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
CVE-2023-35788		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 16, 2023	An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2023-3268		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 16, 2023	An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVE-2023-3161		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 12, 2023	A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-3159		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 12, 2023	A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
CVE-2023-3141		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	Jun 9, 2023	A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2023-2002		—	< 5.3.18-150300.59.127.1	5.3.18-150300.59.127.1	May 26, 2023	A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
CVE-2023-33288		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 22, 2023	An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.
CVE-2020-36694		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 21, 2023	An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capa
CVE-2023-2124		—	< 5.3.18-150300.59.121.2	5.3.18-150300.59.121.2	May 15, 2023	An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-2156		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 9, 2023	A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create
CVE-2023-32233		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 8, 2023	In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mis
CVE-2023-2513		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 8, 2023	A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-32269		—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	May 5, 2023	An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con

CVE-2022-28693MedFeb 14, 2025
affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-2602Jan 8, 2024
affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
io_uring UAF, Unix SCM garbage collection
CVE-2023-3090Jun 28, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_
CVE-2023-3358Jun 28, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
CVE-2023-35828Jun 18, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
CVE-2023-35824Jun 18, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-35823Jun 18, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
CVE-2023-35788Jun 16, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.
CVE-2023-3268Jun 16, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
CVE-2023-3161Jun 12, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
CVE-2023-3159Jun 12, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
CVE-2023-3141Jun 9, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
CVE-2023-2002May 26, 2023
affected < 5.3.18-150300.59.127.1fixed 5.3.18-150300.59.127.1
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
CVE-2023-33288May 22, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.
CVE-2020-36694May 21, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capa
CVE-2023-2124May 15, 2023
affected < 5.3.18-150300.59.121.2fixed 5.3.18-150300.59.121.2
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2023-2156May 9, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create
CVE-2023-32233May 8, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mis
CVE-2023-2513May 8, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
CVE-2023-32269May 5, 2023
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con

Page 1 of 7