rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Vulnerabilities (253)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3159 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jun 12, 2023 | A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. | ||
| CVE-2023-3141 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | Jun 9, 2023 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | ||
| CVE-2023-3111 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Jun 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | ||
| CVE-2023-0459 | — | < 3.0.101-108.144.1 | 3.0.101-108.144.1 | May 25, 2023 | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi | ||
| CVE-2023-32269 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | May 5, 2023 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con | ||
| CVE-2023-31085 | — | < 3.0.101-108.150.1 | 3.0.101-108.150.1 | Apr 24, 2023 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. | ||
| CVE-2023-31083 | — | < 3.0.101-108.153.1 | 3.0.101-108.153.1 | Apr 24, 2023 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | ||
| CVE-2023-2007 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Apr 24, 2023 | The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in t | ||
| CVE-2023-28328 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-2162 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-1989 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Apr 11, 2023 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | ||
| CVE-2023-1670 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Mar 30, 2023 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2023-1077 | — | < 3.0.101-108.147.1 | 3.0.101-108.147.1 | Mar 27, 2023 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a | ||
| CVE-2023-1513 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | ||
| CVE-2023-0590 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | ||
| CVE-2022-4095 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||
| CVE-2022-3424 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | ||
| CVE-2023-1118 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Mar 2, 2023 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2022-41858 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Jan 17, 2023 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | ||
| CVE-2023-23559 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. |
- CVE-2023-3159Jun 12, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
- CVE-2023-3141Jun 9, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-3111Jun 5, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-0459May 25, 2023affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi
- CVE-2023-32269May 5, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con
- CVE-2023-31085Apr 24, 2023affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
- CVE-2023-31083Apr 24, 2023affected < 3.0.101-108.153.1fixed 3.0.101-108.153.1
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
- CVE-2023-2007Apr 24, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in t
- CVE-2023-28328Apr 19, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-2162Apr 19, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-1989Apr 11, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- CVE-2023-1670Mar 30, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2023-1077Mar 27, 2023affected < 3.0.101-108.147.1fixed 3.0.101-108.147.1
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a
- CVE-2023-1513Mar 23, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- CVE-2023-0590Mar 23, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- CVE-2022-4095Mar 22, 2023affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- CVE-2022-3424Mar 6, 2023affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- CVE-2023-1118Mar 2, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2022-41858Jan 17, 2023affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
- CVE-2023-23559Jan 13, 2023affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
Page 9 of 13