rpm package

suse/kernel-preempt&distro=SUSE Linux Enterprise Real Time 15 SP2

pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2

Vulnerabilities (41)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-22942	—	< 5.3.18-24.102.1	5.3.18-24.102.1	Dec 13, 2023	The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVE-2022-1016	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Aug 29, 2022	A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Aug 29, 2022	A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1048	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28388	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Apr 3, 2022	usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Apr 3, 2022	mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 29, 2022	A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0435	—	< 5.3.18-24.102.1	5.3.18-24.102.1	Mar 25, 2022	A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330	—	< 5.3.18-24.102.1	5.3.18-24.102.1	Mar 25, 2022	A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-0854	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 23, 2022	A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
CVE-2022-27666	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 23, 2022	A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2021-45868	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 18, 2022	In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2021-39698	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 16, 2022	In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2022-26966	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 12, 2022	An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-0002	—	< 5.3.18-24.107.1	5.3.18-24.107.1	Mar 11, 2022	Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0001	—	< 5.3.18-24.107.1	5.3.18-24.107.1	Mar 11, 2022	Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-23042	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040	—	< 5.3.18-150200.24.112.1	5.3.18-150200.24.112.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

CVE-2022-22942Dec 13, 2023
affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVE-2022-1016Aug 29, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850Aug 29, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1048Apr 29, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28388Apr 3, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389Apr 3, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390Apr 3, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-1055Mar 29, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
CVE-2022-0435Mar 25, 2022
affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330Mar 25, 2022
affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-0854Mar 23, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
CVE-2022-27666Mar 23, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2021-45868Mar 18, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2021-39698Mar 16, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
CVE-2022-26966Mar 12, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-0002Mar 11, 2022
affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0001Mar 11, 2022
affected < 5.3.18-24.107.1fixed 5.3.18-24.107.1
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-23042Mar 10, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041Mar 10, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040Mar 10, 2022
affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

Page 1 of 3