rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,678)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1195 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Apr 29, 2022 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | ||
| CVE-2022-1048 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | ||
| CVE-2022-1280 | — | < 5.3.18-150300.88.2 | 5.3.18-150300.88.2 | Apr 13, 2022 | A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. | ||
| CVE-2022-29156 | — | < 5.3.18-150300.88.2 | 5.3.18-150300.88.2 | Apr 13, 2022 | drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | ||
| CVE-2021-0707 | — | < 5.3.18-150300.88.2 | 5.3.18-150300.88.2 | Apr 12, 2022 | In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kerne | ||
| CVE-2022-28893 | — | < 5.3.18-150300.88.2 | 5.3.18-150300.88.2 | Apr 11, 2022 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | ||
| CVE-2022-28388 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Apr 3, 2022 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | ||
| CVE-2022-28389 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Apr 3, 2022 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | ||
| CVE-2022-28390 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Apr 3, 2022 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | ||
| CVE-2022-28356 | — | < 5.3.18-150300.88.2 | 5.3.18-150300.88.2 | Apr 2, 2022 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | ||
| CVE-2022-1055 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Mar 29, 2022 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | ||
| CVE-2021-4157 | — | < 5.3.18-150300.96.1 | 5.3.18-150300.96.1 | Mar 25, 2022 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg | ||
| CVE-2021-4203 | — | < 5.3.18-150300.106.1 | 5.3.18-150300.106.1 | Mar 25, 2022 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | ||
| CVE-2022-0854 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Mar 23, 2022 | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. | ||
| CVE-2022-27666 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Mar 23, 2022 | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | ||
| CVE-2021-45868 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Mar 18, 2022 | In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. | ||
| CVE-2022-1011 | — | < 5.3.18-150300.85.1 | 5.3.18-150300.85.1 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||
| CVE-2021-39698 | — | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Mar 16, 2022 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke | ||
| CVE-2021-26341 | — | < 5.3.18-150300.96.1 | 5.3.18-150300.96.1 | Mar 11, 2022 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||
| CVE-2021-3743 | — | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Mar 4, 2022 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat |
- CVE-2022-1195Apr 29, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
- CVE-2022-1048Apr 29, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- CVE-2022-1280Apr 13, 2022affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
- CVE-2022-29156Apr 13, 2022affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release.
- CVE-2021-0707Apr 12, 2022affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kerne
- CVE-2022-28893Apr 11, 2022affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- CVE-2022-28388Apr 3, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
- CVE-2022-28389Apr 3, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
- CVE-2022-28390Apr 3, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
- CVE-2022-28356Apr 2, 2022affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
- CVE-2022-1055Mar 29, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
- CVE-2021-4157Mar 25, 2022affected < 5.3.18-150300.96.1fixed 5.3.18-150300.96.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
- CVE-2021-4203Mar 25, 2022affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
- CVE-2022-0854Mar 23, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.
- CVE-2022-27666Mar 23, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
- CVE-2021-45868Mar 18, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
- CVE-2022-1011Mar 18, 2022affected < 5.3.18-150300.85.1fixed 5.3.18-150300.85.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- CVE-2021-39698Mar 16, 2022affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke
- CVE-2021-26341Mar 11, 2022affected < 5.3.18-150300.96.1fixed 5.3.18-150300.96.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
- CVE-2021-3743Mar 4, 2022affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat
Page 83 of 84