rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (580)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-34981 | — | < 4.4.121-92.161.1 | 4.4.121-92.161.1 | May 7, 2024 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s | ||
| CVE-2022-2588 | — | < 4.4.121-92.188.1 | 4.4.121-92.188.1 | Jan 8, 2024 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | ||
| CVE-2022-40982 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Aug 11, 2023 | Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2023-20569 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Aug 8, 2023 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | ||
| CVE-2023-20593 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 24, 2023 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | ||
| CVE-2023-3567 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 24, 2023 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | ||
| CVE-2023-3776 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 21, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b | ||
| CVE-2023-3611 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 21, 2023 | An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes wi | ||
| CVE-2023-3106 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 12, 2023 | A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another u | ||
| CVE-2023-35001 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jul 5, 2023 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | ||
| CVE-2023-3090 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Jun 28, 2023 | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_ | ||
| CVE-2023-35824 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | ||
| CVE-2023-3268 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jun 16, 2023 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | ||
| CVE-2023-3161 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Jun 12, 2023 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. | ||
| CVE-2023-3159 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Jun 12, 2023 | A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. | ||
| CVE-2023-3141 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Jun 9, 2023 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | ||
| CVE-2023-2985 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Jun 1, 2023 | A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem. | ||
| CVE-2023-0459 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | May 25, 2023 | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi | ||
| CVE-2023-2124 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | May 15, 2023 | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2023-2513 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | May 8, 2023 | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. |
- CVE-2021-34981May 7, 2024affected < 4.4.121-92.161.1fixed 4.4.121-92.161.1
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
- CVE-2022-2588Jan 8, 2024affected < 4.4.121-92.188.1fixed 4.4.121-92.188.1
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
- CVE-2022-40982Aug 11, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-20569Aug 8, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.
- CVE-2023-20593Jul 24, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.
- CVE-2023-3567Jul 24, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-3776Jul 21, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b
- CVE-2023-3611Jul 21, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes wi
- CVE-2023-3106Jul 12, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another u
- CVE-2023-35001Jul 5, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-3090Jun 28, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_
- CVE-2023-35824Jun 18, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-3268Jun 16, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
- CVE-2023-3161Jun 12, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
- CVE-2023-3159Jun 12, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
- CVE-2023-3141Jun 9, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-2985Jun 1, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
- CVE-2023-0459May 25, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commi
- CVE-2023-2124May 15, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2023-2513May 8, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
Page 1 of 29