rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Vulnerabilities (314)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28356 | — | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | Apr 2, 2022 | In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | ||
| CVE-2022-0494 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Mar 25, 2022 | A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. | ||
| CVE-2021-26341 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Mar 11, 2022 | Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. | ||
| CVE-2022-26490 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Mar 6, 2022 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | ||
| CVE-2020-36516 | — | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2022-0617 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Feb 16, 2022 | A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. | ||
| CVE-2021-44879 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Feb 13, 2022 | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference. | ||
| CVE-2021-45402 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Feb 11, 2022 | The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak." | ||
| CVE-2021-33061 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Feb 9, 2022 | Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2022-0264 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Feb 4, 2022 | A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory deta | ||
| CVE-2022-23222 | — | < 5.14.21-150400.24.11.1 | 5.14.21-150400.24.11.1 | Jan 14, 2022 | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | ||
| CVE-2020-24588 | Low | 3.5 | < 5.14.21-150400.24.46.1 | 5.14.21-150400.24.46.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda | |
| CVE-2017-5753 | — | < 5.14.21-150400.24.60.1 | 5.14.21-150400.24.60.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2016-3695 | Med | 5.5 | < 5.14.21-150400.24.21.2 | 5.14.21-150400.24.21.2 | Dec 29, 2017 | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. |
- CVE-2022-28356Apr 2, 2022affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
- CVE-2022-0494Mar 25, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.
- CVE-2021-26341Mar 11, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
- CVE-2022-26490Mar 6, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
- CVE-2020-36516Feb 26, 2022affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2022-0617Feb 16, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2.
- CVE-2021-44879Feb 13, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.
- CVE-2021-45402Feb 11, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
- CVE-2021-33061Feb 9, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2022-0264Feb 4, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory deta
- CVE-2022-23222Jan 14, 2022affected < 5.14.21-150400.24.11.1fixed 5.14.21-150400.24.11.1
kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.
- affected < 5.14.21-150400.24.46.1fixed 5.14.21-150400.24.46.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda
- CVE-2017-5753Jan 4, 2018affected < 5.14.21-150400.24.60.1fixed 5.14.21-150400.24.60.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 5.14.21-150400.24.21.2fixed 5.14.21-150400.24.21.2
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Page 16 of 16