VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (253)

  • CVE-2022-3303Sep 27, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system,

  • CVE-2022-41218Sep 21, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.

  • CVE-2022-40768Sep 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

  • CVE-2022-39188Sep 2, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.

  • CVE-2022-2663Sep 1, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.

  • CVE-2022-3028Aug 31, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory

  • CVE-2022-21385Aug 29, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

  • CVE-2022-20368Aug 11, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel

  • CVE-2022-20369Aug 11, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An

  • CVE-2022-36879Jul 27, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

  • CVE-2022-36946Jul 27, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.

  • CVE-2020-36557Jul 21, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.

  • CVE-2020-36558Jul 21, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.

  • CVE-2021-33655Jul 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.

  • CVE-2021-33656Jul 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.

  • CVE-2022-29900Jul 12, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

  • CVE-2022-29901Jul 12, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code exe

  • CVE-2022-2318Jul 6, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.

  • CVE-2022-33981Jun 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

  • CVE-2022-21180Jun 15, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

Page 11 of 13