rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP2-BCL

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL

Vulnerabilities (580)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-41218		—	< 4.4.121-92.191.1	4.4.121-92.191.1	Sep 21, 2022	In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-3239		—	< 4.4.121-92.191.1	4.4.121-92.191.1	Sep 19, 2022	A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-40768		—	< 4.4.121-92.196.2	4.4.121-92.196.2	Sep 18, 2022	drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-38096	Med	6.3	< 4.4.121-92.202.6	4.4.121-92.202.6	Sep 9, 2022	A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau
CVE-2022-36280		—	< 4.4.121-92.202.6	4.4.121-92.202.6	Sep 9, 2022	An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
CVE-2022-40307		—	< 4.4.121-92.196.2	4.4.121-92.196.2	Sep 9, 2022	An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
CVE-2022-3169		—	< 4.4.121-92.196.2	4.4.121-92.196.2	Sep 9, 2022	A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
CVE-2022-2964		—	< 4.4.121-92.196.2	4.4.121-92.196.2	Sep 9, 2022	A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
CVE-2022-39188		—	< 4.4.121-92.188.1	4.4.121-92.188.1	Sep 2, 2022	An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVE-2022-2663		—	< 4.4.121-92.196.2	4.4.121-92.196.2	Sep 1, 2022	An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-1729		—	< 4.4.121-92.175.2	4.4.121-92.175.2	Sep 1, 2022	A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2022-1975		—	< 4.4.121-92.175.2	4.4.121-92.175.2	Aug 31, 2022	There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVE-2022-1974		—	< 4.4.121-92.175.2	4.4.121-92.175.2	Aug 31, 2022	A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVE-2022-3028		—	< 4.4.121-92.188.1	4.4.121-92.188.1	Aug 31, 2022	A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory
CVE-2022-21385		—	< 4.4.121-92.188.1	4.4.121-92.188.1	Aug 29, 2022	A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2022-1016		—	< 4.4.121-92.172.1	4.4.121-92.172.1	Aug 29, 2022	A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850		—	< 4.4.121-92.172.1	4.4.121-92.172.1	Aug 29, 2022	A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1184		—	< 4.4.121-92.175.2	4.4.121-92.175.2	Aug 29, 2022	A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-2991		—	< 4.4.121-92.188.1	4.4.121-92.188.1	Aug 25, 2022	A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalat
CVE-2021-4155		—	< 4.4.121-92.164.1	4.4.121-92.164.1	Aug 24, 2022	A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

CVE-2022-41218Sep 21, 2022
affected < 4.4.121-92.191.1fixed 4.4.121-92.191.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
CVE-2022-3239Sep 19, 2022
affected < 4.4.121-92.191.1fixed 4.4.121-92.191.1
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-40768Sep 18, 2022
affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-38096MedSep 9, 2022
affected < 4.4.121-92.202.6fixed 4.4.121-92.202.6
A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau
CVE-2022-36280Sep 9, 2022
affected < 4.4.121-92.202.6fixed 4.4.121-92.202.6
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
CVE-2022-40307Sep 9, 2022
affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
CVE-2022-3169Sep 9, 2022
affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
CVE-2022-2964Sep 9, 2022
affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
CVE-2022-39188Sep 2, 2022
affected < 4.4.121-92.188.1fixed 4.4.121-92.188.1
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
CVE-2022-2663Sep 1, 2022
affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-1729Sep 1, 2022
affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
CVE-2022-1975Aug 31, 2022
affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVE-2022-1974Aug 31, 2022
affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVE-2022-3028Aug 31, 2022
affected < 4.4.121-92.188.1fixed 4.4.121-92.188.1
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory
CVE-2022-21385Aug 29, 2022
affected < 4.4.121-92.188.1fixed 4.4.121-92.188.1
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVE-2022-1016Aug 29, 2022
affected < 4.4.121-92.172.1fixed 4.4.121-92.172.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850Aug 29, 2022
affected < 4.4.121-92.172.1fixed 4.4.121-92.172.1
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1184Aug 29, 2022
affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2022-2991Aug 25, 2022
affected < 4.4.121-92.188.1fixed 4.4.121-92.188.1
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalat
CVE-2021-4155Aug 24, 2022
affected < 4.4.121-92.164.1fixed 4.4.121-92.164.1
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.

Page 5 of 29