rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP5-LTSS
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Vulnerabilities (1,794)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2977 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Sep 14, 2022 | A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate priv | ||
| CVE-2022-36280 | — | < 4.12.14-122.275.1 | 4.12.14-122.275.1 | Sep 9, 2022 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi | ||
| CVE-2022-1016 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Aug 29, 2022 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | ||
| CVE-2022-1184 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Aug 29, 2022 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | ||
| CVE-2022-2991 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Aug 25, 2022 | A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalat | ||
| CVE-2021-4159 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | Aug 24, 2022 | A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory deta | ||
| CVE-2022-26373 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Aug 18, 2022 | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||
| CVE-2022-1679 | — | < 4.12.14-122.266.1 | 4.12.14-122.266.1 | May 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2022-1048 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | ||
| CVE-2021-20320 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | Feb 18, 2022 | A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. | ||
| CVE-2021-43527 | — | < 4.12.14-122.266.1 | 4.12.14-122.266.1 | Dec 8, 2021 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. | ||
| CVE-2021-37159 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Jul 21, 2021 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | ||
| CVE-2021-22543 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | May 26, 2021 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pag | ||
| CVE-2017-5753 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
- CVE-2022-2977Sep 14, 2022affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate priv
- CVE-2022-36280Sep 9, 2022affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privi
- CVE-2022-1016Aug 29, 2022affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
- CVE-2022-1184Aug 29, 2022affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
- CVE-2022-2991Aug 25, 2022affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalat
- CVE-2021-4159Aug 24, 2022affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory deta
- CVE-2022-26373Aug 18, 2022affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2022-1679May 16, 2022affected < 4.12.14-122.266.1fixed 4.12.14-122.266.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2022-1048Apr 29, 2022affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- CVE-2021-20320Feb 18, 2022affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
- CVE-2021-43527Dec 8, 2021affected < 4.12.14-122.266.1fixed 4.12.14-122.266.1
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.
- CVE-2021-37159Jul 21, 2021affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.
- CVE-2021-22543May 26, 2021affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pag
- CVE-2017-5753Jan 4, 2018affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Page 90 of 90