rpm package
suse/kernel-obs-build&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (1,486)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3923 | Low | 2.3 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Mar 27, 2023 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info | |
| CVE-2020-36691 | Med | 5.5 | < 4.12.14-122.159.1 | 4.12.14-122.159.1 | Mar 24, 2023 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | |
| CVE-2023-1513 | Low | 3.3 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | |
| CVE-2023-1249 | Med | 5.5 | < 4.12.14-122.165.1 | 4.12.14-122.165.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. | |
| CVE-2023-0590 | Med | 4.7 | < 4.12.14-122.150.1 | 4.12.14-122.150.1 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | |
| CVE-2023-28772 | Med | 6.7 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Mar 23, 2023 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | |
| CVE-2022-4095 | Hig | 7.8 | < 4.12.14-122.144.1 | 4.12.14-122.144.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | |
| CVE-2023-1281 | Hig | 7.8 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Mar 22, 2023 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l | |
| CVE-2023-1390 | Hig | 7.5 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Mar 16, 2023 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in | |
| CVE-2023-28466 | Hig | 7.0 | < 4.12.14-122.162.1 | 4.12.14-122.162.1 | Mar 16, 2023 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | |
| CVE-2022-3424 | Hig | 7.8 | < 4.12.14-122.139.1 | 4.12.14-122.139.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | |
| CVE-2023-1118 | Hig | 7.8 | < 4.12.14-122.153.1 | 4.12.14-122.153.1 | Mar 2, 2023 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |
| CVE-2023-1095 | Med | 5.5 | < 4.12.14-122.156.1 | 4.12.14-122.156.1 | Feb 28, 2023 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref | |
| CVE-2023-0461 | Hig | 7.8 | < 4.12.14-122.186.1 | 4.12.14-122.186.1 | Feb 28, 2023 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege | |
| CVE-2023-26545 | Med | 4.7 | < 4.12.14-122.153.1 | 4.12.14-122.153.1 | Feb 25, 2023 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | |
| CVE-2023-0597 | Med | 5.5 | < 4.12.14-122.153.1 | 4.12.14-122.153.1 | Feb 23, 2023 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l | |
| CVE-2023-0266 | Hig | 7.9 | KEV | < 4.12.14-122.150.1 | 4.12.14-122.150.1 | Jan 30, 2023 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin |
| CVE-2023-0394 | Med | 5.5 | < 4.12.14-122.147.1 | 4.12.14-122.147.1 | Jan 26, 2023 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | |
| CVE-2022-47929 | Med | 5.5 | < 4.12.14-122.150.1 | 4.12.14-122.150.1 | Jan 17, 2023 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff | |
| CVE-2022-41858 | Hig | 7.1 | < 4.12.14-122.144.1 | 4.12.14-122.144.1 | Jan 17, 2023 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. |
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info
- affected < 4.12.14-122.159.1fixed 4.12.14-122.159.1
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- affected < 4.12.14-122.165.1fixed 4.12.14-122.165.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
- affected < 4.12.14-122.150.1fixed 4.12.14-122.150.1
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
- affected < 4.12.14-122.144.1fixed 4.12.14-122.144.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
- affected < 4.12.14-122.162.1fixed 4.12.14-122.162.1
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
- affected < 4.12.14-122.139.1fixed 4.12.14-122.139.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- affected < 4.12.14-122.153.1fixed 4.12.14-122.153.1
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- affected < 4.12.14-122.156.1fixed 4.12.14-122.156.1
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
- affected < 4.12.14-122.186.1fixed 4.12.14-122.186.1
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
- affected < 4.12.14-122.153.1fixed 4.12.14-122.153.1
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
- affected < 4.12.14-122.153.1fixed 4.12.14-122.153.1
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
- affected < 4.12.14-122.150.1fixed 4.12.14-122.150.1
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin
- affected < 4.12.14-122.147.1fixed 4.12.14-122.147.1
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
- affected < 4.12.14-122.150.1fixed 4.12.14-122.150.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
- affected < 4.12.14-122.144.1fixed 4.12.14-122.144.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
Page 50 of 75