rpm package
suse/kernel-preempt&distro=SUSE Linux Enterprise Workstation Extension 15 SP2
pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2
Vulnerabilities (111)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34981 | — | < 5.3.18-24.96.1 | 5.3.18-24.96.1 | May 7, 2024 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s | ||
| CVE-2021-3669 | — | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Aug 26, 2022 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||
| CVE-2021-3764 | — | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Aug 23, 2022 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-3759 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Aug 23, 2022 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highe | ||
| CVE-2021-3659 | — | < 5.3.18-24.78.1 | 5.3.18-24.78.1 | Aug 22, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | ||
| CVE-2021-3739 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Mar 7, 2022 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat fr | ||
| CVE-2021-3732 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Mar 7, 2022 | A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | ||
| CVE-2021-3656 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Mar 4, 2022 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue c | ||
| CVE-2021-3428 | — | < 5.3.18-24.61.1 | 5.3.18-24.61.1 | Mar 4, 2022 | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a sy | ||
| CVE-2021-3744 | — | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Mar 4, 2022 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | ||
| CVE-2021-3743 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Mar 4, 2022 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat | ||
| CVE-2021-3640 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Mar 3, 2022 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau | ||
| CVE-2021-3609 | — | < 5.3.18-24.75.3 | 5.3.18-24.75.3 | Mar 3, 2022 | .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege e | ||
| CVE-2021-3715 | — | < 5.3.18-24.93.1 | 5.3.18-24.93.1 | Mar 2, 2022 | A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges | ||
| CVE-2021-3772 | — | < 5.3.18-24.93.1 | 5.3.18-24.93.1 | Mar 2, 2022 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | ||
| CVE-2021-20322 | — | < 5.3.18-24.96.1 | 5.3.18-24.96.1 | Feb 18, 2022 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat | ||
| CVE-2021-3752 | — | < 5.3.18-24.86.2 | 5.3.18-24.86.2 | Feb 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln | ||
| CVE-2021-3760 | — | < 5.3.18-24.93.1 | 5.3.18-24.93.1 | Feb 16, 2022 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | ||
| CVE-2021-3753 | — | < 5.3.18-24.83.2 | 5.3.18-24.83.2 | Feb 16, 2022 | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidenti | ||
| CVE-2021-43389 | — | < 5.3.18-24.96.1 | 5.3.18-24.96.1 | Nov 4, 2021 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
- CVE-2021-34981May 7, 2024affected < 5.3.18-24.96.1fixed 5.3.18-24.96.1
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
- CVE-2021-3669Aug 26, 2022affected < 5.3.18-24.86.2fixed 5.3.18-24.86.2
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
- CVE-2021-3764Aug 23, 2022affected < 5.3.18-24.86.2fixed 5.3.18-24.86.2
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
- CVE-2021-3759Aug 23, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highe
- CVE-2021-3659Aug 22, 2022affected < 5.3.18-24.78.1fixed 5.3.18-24.78.1
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
- CVE-2021-3739Mar 7, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat fr
- CVE-2021-3732Mar 7, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
- CVE-2021-3656Mar 4, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue c
- CVE-2021-3428Mar 4, 2022affected < 5.3.18-24.61.1fixed 5.3.18-24.61.1
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. Fabricating an integer overflow, A local attacker with a special user privilege may cause a sy
- CVE-2021-3744Mar 4, 2022affected < 5.3.18-24.86.2fixed 5.3.18-24.86.2
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
- CVE-2021-3743Mar 4, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
- CVE-2021-3640Mar 3, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
- CVE-2021-3609Mar 3, 2022affected < 5.3.18-24.75.3fixed 5.3.18-24.75.3
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege e
- CVE-2021-3715Mar 2, 2022affected < 5.3.18-24.93.1fixed 5.3.18-24.93.1
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges
- CVE-2021-3772Mar 2, 2022affected < 5.3.18-24.93.1fixed 5.3.18-24.93.1
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
- CVE-2021-20322Feb 18, 2022affected < 5.3.18-24.96.1fixed 5.3.18-24.96.1
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat
- CVE-2021-3752Feb 16, 2022affected < 5.3.18-24.86.2fixed 5.3.18-24.86.2
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln
- CVE-2021-3760Feb 16, 2022affected < 5.3.18-24.93.1fixed 5.3.18-24.93.1
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
- CVE-2021-3753Feb 16, 2022affected < 5.3.18-24.83.2fixed 5.3.18-24.83.2
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidenti
- CVE-2021-43389Nov 4, 2021affected < 5.3.18-24.96.1fixed 5.3.18-24.96.1
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
Page 1 of 6