rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Vulnerabilities (1,468)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-47520	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 18, 2022	An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink
CVE-2022-3115	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3112	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3111	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
CVE-2022-3108	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3106	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
CVE-2022-3105	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 14, 2022	An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
CVE-2022-42329	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643	—	< 5.3.18-150300.59.109.1	5.3.18-150300.59.109.1	Dec 7, 2022	Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-4269	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Dec 5, 2022	A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
CVE-2022-4129	—	< 5.3.18-150300.59.106.1	5.3.18-150300.59.106.1	Nov 28, 2022	A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45934	—	< 5.3.18-150300.59.106.1	5.3.18-150300.59.106.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45919	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45887	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
CVE-2022-45884	—	< 5.3.18-150300.59.124.1	5.3.18-150300.59.124.1	Nov 25, 2022	An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-42896	—	< 5.3.18-150300.59.106.1	5.3.18-150300.59.106.1	Nov 23, 2022	There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leakin

CVE-2022-47520Dec 18, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink
CVE-2022-3115Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3112Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.
CVE-2022-3111Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().
CVE-2022-3108Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().
CVE-2022-3107Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.
CVE-2022-3106Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().
CVE-2022-3105Dec 14, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
An issue was discovered in the Linux kernel through 5.16-rc6. uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().
CVE-2022-42329Dec 7, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328Dec 7, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643Dec 7, 2022
affected < 5.3.18-150300.59.109.1fixed 5.3.18-150300.59.109.1
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-4269Dec 5, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in
CVE-2022-4129Nov 28, 2022
affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
CVE-2022-45934Nov 27, 2022
affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45919Nov 27, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.
CVE-2022-45887Nov 25, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.
CVE-2022-45886Nov 25, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.
CVE-2022-45885Nov 25, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
CVE-2022-45884Nov 25, 2022
affected < 5.3.18-150300.59.124.1fixed 5.3.18-150300.59.124.1
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.
CVE-2022-42896Nov 23, 2022
affected < 5.3.18-150300.59.106.1fixed 5.3.18-150300.59.106.1
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leakin

Page 71 of 74