rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP1-BCL

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL

Vulnerabilities (275)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-28693	Med	4.7	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Feb 14, 2025	Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-34981		—	< 4.12.14-197.102.2	4.12.14-197.102.2	May 7, 2024	Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
CVE-2022-2588		—	< 4.12.14-150100.197.123.1	4.12.14-150100.197.123.1	Jan 8, 2024	It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2022-22942		—	< 4.12.14-150100.197.114.2	4.12.14-150100.197.114.2	Dec 13, 2023	The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVE-2022-4095		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Mar 22, 2023	A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
CVE-2022-3424		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Mar 6, 2023	A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2022-41858		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Jan 17, 2023	A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
CVE-2022-3628		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Jan 12, 2023	A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
CVE-2022-4378		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Jan 5, 2023	A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-42329		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Dec 7, 2022	Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-45934		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 27, 2022	An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-42896		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 23, 2022	There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leakin
CVE-2022-42895		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 23, 2022	There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba31
CVE-2022-3903		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 14, 2022	An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst
CVE-2022-43945	Hig	7.5	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Nov 4, 2022	The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-43750		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Oct 26, 2022	drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-3649		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Oct 21, 2022	A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended
CVE-2022-3646		—	< 4.12.14-150100.197.131.1	4.12.14-150100.197.131.1	Oct 21, 2022	A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r

CVE-2022-28693MedFeb 14, 2025
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-34981May 7, 2024
affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
CVE-2022-2588Jan 8, 2024
affected < 4.12.14-150100.197.123.1fixed 4.12.14-150100.197.123.1
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
CVE-2022-22942Dec 13, 2023
affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.
CVE-2022-4095Mar 22, 2023
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
CVE-2022-3424Mar 6, 2023
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
CVE-2022-41858Jan 17, 2023
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
CVE-2022-3628Jan 12, 2023
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
CVE-2022-4378Jan 5, 2023
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-42329Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-42328Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
CVE-2022-3643Dec 7, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux networ
CVE-2022-45934Nov 27, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-42896Nov 23, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leakin
CVE-2022-42895Nov 23, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba31
CVE-2022-3903Nov 14, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst
CVE-2022-43945HigNov 4, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client c
CVE-2022-43750Oct 26, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-3649Oct 21, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended
CVE-2022-3646Oct 21, 2022
affected < 4.12.14-150100.197.131.1fixed 4.12.14-150100.197.131.1
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r

Page 1 of 14