rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (572)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28693 | Med | 4.7 | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Feb 14, 2025 | Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | |
| CVE-2021-34981 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | May 7, 2024 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s | ||
| CVE-2022-2588 | — | < 4.12.14-95.108.1 | 4.12.14-95.108.1 | Jan 8, 2024 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | ||
| CVE-2023-2513 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | May 8, 2023 | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | ||
| CVE-2023-32269 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | May 5, 2023 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con | ||
| CVE-2023-31436 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | Apr 28, 2023 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | ||
| CVE-2023-31084 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | Apr 24, 2023 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_ | ||
| CVE-2023-2194 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | Apr 20, 2023 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al | ||
| CVE-2023-2176 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | Apr 20, 2023 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | ||
| CVE-2023-1380 | — | < 4.12.14-95.128.1 | 4.12.14-95.128.1 | Mar 27, 2023 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t | ||
| CVE-2022-4095 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||
| CVE-2022-3424 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | ||
| CVE-2022-47929 | — | < 4.12.14-95.117.1 | 4.12.14-95.117.1 | Jan 17, 2023 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff | ||
| CVE-2022-41858 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Jan 17, 2023 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | ||
| CVE-2023-23454 | — | < 4.12.14-95.117.1 | 4.12.14-95.117.1 | Jan 12, 2023 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | ||
| CVE-2022-3628 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Jan 12, 2023 | A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | ||
| CVE-2022-4378 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Jan 5, 2023 | A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2022-4662 | — | < 4.12.14-95.117.1 | 4.12.14-95.117.1 | Dec 22, 2022 | A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. | ||
| CVE-2022-42329 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free | ||
| CVE-2022-42328 | — | < 4.12.14-95.114.1 | 4.12.14-95.114.1 | Dec 7, 2022 | Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free |
- affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
- CVE-2021-34981May 7, 2024affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
- CVE-2022-2588Jan 8, 2024affected < 4.12.14-95.108.1fixed 4.12.14-95.108.1
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
- CVE-2023-2513May 8, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.
- CVE-2023-32269May 5, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con
- CVE-2023-31436Apr 28, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
- CVE-2023-31084Apr 24, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_
- CVE-2023-2194Apr 20, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al
- CVE-2023-2176Apr 20, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
- CVE-2023-1380Mar 27, 2023affected < 4.12.14-95.128.1fixed 4.12.14-95.128.1
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t
- CVE-2022-4095Mar 22, 2023affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- CVE-2022-3424Mar 6, 2023affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- CVE-2022-47929Jan 17, 2023affected < 4.12.14-95.117.1fixed 4.12.14-95.117.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
- CVE-2022-41858Jan 17, 2023affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
- CVE-2023-23454Jan 12, 2023affected < 4.12.14-95.117.1fixed 4.12.14-95.117.1
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
- CVE-2022-3628Jan 12, 2023affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.
- CVE-2022-4378Jan 5, 2023affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2022-4662Dec 22, 2022affected < 4.12.14-95.117.1fixed 4.12.14-95.117.1
A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.
- CVE-2022-42329Dec 7, 2022affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
- CVE-2022-42328Dec 7, 2022affected < 4.12.14-95.114.1fixed 4.12.14-95.114.1
Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free
Page 1 of 29