rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP4-ESPOS

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOS

Vulnerabilities (48)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-3923	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 27, 2023	A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info
CVE-2020-36691	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 24, 2023	An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
CVE-2023-28772	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 23, 2023	An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVE-2023-1513	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 23, 2023	A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVE-2023-0590	—	< 4.12.14-95.120.4	4.12.14-95.120.4	Mar 23, 2023	A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1390	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 16, 2023	A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-1118	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Mar 2, 2023	A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2023-1095	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Feb 28, 2023	In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
CVE-2023-26545	—	< 4.12.14-95.120.4	4.12.14-95.120.4	Feb 25, 2023	In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-0597	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Feb 23, 2023	A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
CVE-2023-0394	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Jan 24, 2023	A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVE-2023-23559	—	< 4.12.14-95.120.4	4.12.14-95.120.4	Jan 13, 2023	In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
CVE-2023-23455	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Jan 12, 2023	atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-23454	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Jan 12, 2023	cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-20567	—	< 4.12.14-95.125.1	4.12.14-95.125.1	Dec 16, 2022	In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
CVE-2022-4129	—	< 4.12.14-95.120.4	4.12.14-95.120.4	Nov 28, 2022	A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45919	—	< 4.12.14-95.128.1	4.12.14-95.128.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45887	—	< 4.12.14-95.128.1	4.12.14-95.128.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886	—	< 4.12.14-95.128.1	4.12.14-95.128.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885	—	< 4.12.14-95.128.1	4.12.14-95.128.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

CVE-2021-3923Mar 27, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info
CVE-2020-36691Mar 24, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
CVE-2023-28772Mar 23, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
CVE-2023-1513Mar 23, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVE-2023-0590Mar 23, 2023
affected < 4.12.14-95.120.4fixed 4.12.14-95.120.4
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
CVE-2023-1390Mar 16, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
CVE-2023-1118Mar 2, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2023-1095Feb 28, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
CVE-2023-26545Feb 25, 2023
affected < 4.12.14-95.120.4fixed 4.12.14-95.120.4
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-0597Feb 23, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
CVE-2023-0394Jan 24, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.
CVE-2023-23559Jan 13, 2023
affected < 4.12.14-95.120.4fixed 4.12.14-95.120.4
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
CVE-2023-23455Jan 12, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2023-23454Jan 12, 2023
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
CVE-2022-20567Dec 16, 2022
affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
In pppol2tp_create of l2tp_ppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
CVE-2022-4129Nov 28, 2022
affected < 4.12.14-95.120.4fixed 4.12.14-95.120.4
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45919Nov 27, 2022
affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45887Nov 25, 2022
affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886Nov 25, 2022
affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885Nov 25, 2022
affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

Page 2 of 3