rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Vulnerabilities (253)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6932 | Hig | 7.8 | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Dec 19, 2023 | A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme | |
| CVE-2023-6606 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Dec 8, 2023 | An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. | ||
| CVE-2023-1192 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Nov 1, 2023 | A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access | ||
| CVE-2023-45863 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Oct 14, 2023 | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. | ||
| CVE-2023-39193 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | ||
| CVE-2023-39192 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundarie | ||
| CVE-2023-39189 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform | ||
| CVE-2023-4623 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv | ||
| CVE-2023-4459 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Aug 21, 2023 | A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sani | ||
| CVE-2023-4385 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Aug 16, 2023 | A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. | ||
| CVE-2022-40982 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Aug 11, 2023 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2023-20588 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Aug 8, 2023 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | ||
| CVE-2023-3772 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Jul 25, 2023 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s | ||
| CVE-2023-20593 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||
| CVE-2023-3567 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jul 24, 2023 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | ||
| CVE-2023-3776 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jul 21, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b | ||
| CVE-2023-1206 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Jun 30, 2023 | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that acc | ||
| CVE-2023-35824 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | ||
| CVE-2023-3268 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jun 16, 2023 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | ||
| CVE-2023-3161 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jun 12, 2023 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. |
- affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme
- CVE-2023-6606Dec 8, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
- CVE-2023-1192Nov 1, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access
- CVE-2023-45863Oct 14, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.
- CVE-2023-39193Oct 9, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
- CVE-2023-39192Oct 9, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundarie
- CVE-2023-39189Oct 9, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or inform
- CVE-2023-4623Sep 6, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv
- CVE-2023-4459Aug 21, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sani
- CVE-2023-4385Aug 16, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.
- CVE-2022-40982Aug 11, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-20588Aug 8, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
- CVE-2023-3772Jul 25, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s
- CVE-2023-20593Jul 24, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
- CVE-2023-3567Jul 24, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-3776Jul 21, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b
- CVE-2023-1206Jun 30, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that acc
- CVE-2023-35824Jun 18, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-3268Jun 16, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
- CVE-2023-3161Jun 12, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
Page 8 of 13