rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (253)

CVE	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2022-21166	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-20166	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An
CVE-2022-20132	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 15, 2022	In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n
CVE-2022-21499	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Jun 9, 2022	KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652	—		< 3.0.101-108.138.1	3.0.101-108.138.1	May 31, 2022	Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1462	—		< 3.0.101-108.138.1	3.0.101-108.138.1	May 31, 2022	An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1679	—		< 3.0.101-108.138.1	3.0.101-108.138.1	May 16, 2022	A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-1353	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Apr 29, 2022	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28356	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Apr 2, 2022	In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2021-45868	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Mar 18, 2022	In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2022-1011	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Mar 18, 2022	A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39713	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Mar 16, 2022	Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
CVE-2021-26341	—		< 3.0.101-108.138.1	3.0.101-108.138.1	Mar 11, 2022	Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVE-2021-0920	—	KEV	< 3.0.101-108.201.1	3.0.101-108.201.1	Dec 15, 2021	In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro
CVE-2021-43389	—		< 3.0.101-108.159.1	3.0.101-108.159.1	Nov 4, 2021	An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2020-26555	—		< 3.0.101-108.150.1	3.0.101-108.150.1	May 24, 2021	Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

CVE-2022-21166Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-20166Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An
CVE-2022-20132Jun 15, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges n
CVE-2022-21499Jun 9, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652May 31, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1462May 31, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1679May 16, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-1353Apr 29, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048Apr 29, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28356Apr 2, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2021-45868Mar 18, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2022-1011Mar 18, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39713Mar 16, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
CVE-2021-26341Mar 11, 2022
affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVE-2021-0920KEVDec 15, 2021
affected < 3.0.101-108.201.1fixed 3.0.101-108.201.1
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro
CVE-2021-43389Nov 4, 2021
affected < 3.0.101-108.159.1fixed 3.0.101-108.159.1
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
CVE-2020-26555May 24, 2021
affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

Page 12 of 13