rpm package
suse/kernel-source&distro=SUSE Enterprise Storage 7
pkg:rpm/suse/kernel-source&distro=SUSE%20Enterprise%20Storage%207
Vulnerabilities (279)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-23559 | — | < 5.3.18-150200.24.145.1 | 5.3.18-150200.24.145.1 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | ||
| CVE-2023-23455 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Jan 12, 2023 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2023-23454 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Jan 12, 2023 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2022-3628 | — | < 5.3.18-150200.24.139.1 | 5.3.18-150200.24.139.1 | Jan 12, 2023 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | ||
| CVE-2022-2196 | — | < 5.3.18-150200.24.151.1 | 5.3.18-150200.24.151.1 | Jan 9, 2023 | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a | ||
| CVE-2022-4378 | — | < 5.3.18-150200.24.139.1 | 5.3.18-150200.24.139.1 | Jan 5, 2023 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2022-4662 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | ||
| CVE-2022-47520 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 18, 2022 | An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink | ||
| CVE-2022-3115 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3112 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference. | ||
| CVE-2022-3108 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup(). | ||
| CVE-2022-3107 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference. | ||
| CVE-2022-3105 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 14, 2022 | An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array(). | ||
| CVE-2022-42329 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free | ||
| CVE-2022-42328 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free | ||
| CVE-2022-3643 | — | < 5.3.18-150200.24.142.1 | 5.3.18-150200.24.142.1 | Dec 7, 2022 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ | ||
| CVE-2022-4269 | — | < 5.3.18-150200.24.154.1 | 5.3.18-150200.24.154.1 | Dec 5, 2022 | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in | ||
| CVE-2022-4129 | — | < 5.3.18-150200.24.139.1 | 5.3.18-150200.24.139.1 | Nov 28, 2022 | A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | ||
| CVE-2022-45934 | — | < 5.3.18-150200.24.139.1 | 5.3.18-150200.24.139.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | ||
| CVE-2022-45919 | — | < 5.3.18-150200.24.154.1 | 5.3.18-150200.24.154.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. |
- CVE-2023-23559Jan 13, 2023affected < 5.3.18-150200.24.145.1fixed 5.3.18-150200.24.145.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- CVE-2023-23455Jan 12, 2023affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2023-23454Jan 12, 2023affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2022-3628Jan 12, 2023affected < 5.3.18-150200.24.139.1fixed 5.3.18-150200.24.139.1
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
- CVE-2022-2196Jan 9, 2023affected < 5.3.18-150200.24.151.1fixed 5.3.18-150200.24.151.1
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker a
- CVE-2022-4378Jan 5, 2023affected < 5.3.18-150200.24.139.1fixed 5.3.18-150200.24.139.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2022-4662Dec 22, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- CVE-2022-47520Dec 18, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink
- CVE-2022-3115Dec 14, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3112Dec 14, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
- CVE-2022-3108Dec 14, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
- CVE-2022-3107Dec 14, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
- CVE-2022-3105Dec 14, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
- CVE-2022-42329Dec 7, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
- CVE-2022-42328Dec 7, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
- CVE-2022-3643Dec 7, 2022affected < 5.3.18-150200.24.142.1fixed 5.3.18-150200.24.142.1
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
- CVE-2022-4269Dec 5, 2022affected < 5.3.18-150200.24.154.1fixed 5.3.18-150200.24.154.1
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
- CVE-2022-4129Nov 28, 2022affected < 5.3.18-150200.24.139.1fixed 5.3.18-150200.24.139.1
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
- CVE-2022-45934Nov 27, 2022affected < 5.3.18-150200.24.139.1fixed 5.3.18-150200.24.139.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- CVE-2022-45919Nov 27, 2022affected < 5.3.18-150200.24.154.1fixed 5.3.18-150200.24.154.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
Page 5 of 14