VYPR

rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Vulnerabilities (812)

  • CVE-2021-4135Jul 14, 2022
    affected < 5.3.18-24.99.1fixed 5.3.18-24.99.1

    A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

  • CVE-2022-29901MedJul 12, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe

  • CVE-2022-29900MedJul 12, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

  • CVE-2022-2318MedJul 6, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

  • CVE-2022-33742HigJul 5, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

  • CVE-2022-33741HigJul 5, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

  • CVE-2022-33740HigJul 5, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

  • CVE-2022-26365HigJul 5, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-202

  • CVE-2022-33981LowJun 18, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

  • CVE-2022-21180MedJun 15, 2022
    affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1

    Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

  • CVE-2022-21166MedJun 15, 2022
    affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1

    Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21127MedJun 15, 2022
    affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1

    Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21125MedJun 15, 2022
    affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1

    Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-21123MedJun 15, 2022
    affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1

    Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2022-20166MedJun 15, 2022
    affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1

    In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

  • CVE-2022-20154MedJun 15, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:

  • CVE-2022-20141HigJun 15, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product

  • CVE-2022-20132MedJun 15, 2022
    affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1

    In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n

  • CVE-2022-32296LowJun 5, 2022
    affected < 5.3.18-150200.24.134.1fixed 5.3.18-150200.24.134.1

    The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.

  • CVE-2022-32250HigJun 2, 2022
    affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1

    net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

Page 36 of 41