rpm package
suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP4
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4
Vulnerabilities (315)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2177 | Med | 5.5 | < 5.14.21-150400.14.69.1 | 5.14.21-150400.14.69.1 | Apr 20, 2023 | A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a | |
| CVE-2023-2176 | Hig | 7.8 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 20, 2023 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | |
| CVE-2023-2166 | Med | 5.5 | < 5.14.21-150400.14.63.1 | 5.14.21-150400.14.63.1 | Apr 19, 2023 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | |
| CVE-2023-28328 | Med | 5.5 | < 5.14.21-150400.14.40.1 | 5.14.21-150400.14.40.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | |
| CVE-2023-28327 | Med | 5.5 | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | |
| CVE-2023-1382 | Med | 4.7 | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 19, 2023 | A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel. | |
| CVE-2023-2162 | Med | 5.5 | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | |
| CVE-2023-30772 | Med | 6.4 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 16, 2023 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | |
| CVE-2023-2008 | Hig | 7.8 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 14, 2023 | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this v | |
| CVE-2023-1990 | Med | 4.7 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | |
| CVE-2023-1829 | Hig | 7.8 | < 5.14.21-150400.14.55.1 | 5.14.21-150400.14.55.1 | Apr 12, 2023 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc | |
| CVE-2023-1989 | Hig | 7.0 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 11, 2023 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | |
| CVE-2023-30456 | Med | 6.5 | < 5.14.21-150400.14.52.1 | 5.14.21-150400.14.52.1 | Apr 10, 2023 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | |
| CVE-2023-1855 | Med | 6.3 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Apr 5, 2023 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info | |
| CVE-2023-1582 | Med | 4.7 | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Apr 5, 2023 | A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. | |
| CVE-2023-1838 | Hig | 7.1 | < 5.14.21-150400.14.46.1 | 5.14.21-150400.14.46.1 | Apr 5, 2023 | A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. | |
| CVE-2023-1611 | Med | 6.3 | < 5.14.21-150400.14.46.1 | 5.14.21-150400.14.46.1 | Apr 3, 2023 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | |
| CVE-2023-28464 | Hig | 7.8 | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Mar 31, 2023 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | |
| CVE-2023-1670 | Hig | 7.8 | < 5.14.21-150400.14.49.1 | 5.14.21-150400.14.49.1 | Mar 30, 2023 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |
| CVE-2022-4744 | Hig | 7.8 | < 5.14.21-150400.14.43.1 | 5.14.21-150400.14.43.1 | Mar 30, 2023 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the |
- affected < 5.14.21-150400.14.69.1fixed 5.14.21-150400.14.69.1
A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
- affected < 5.14.21-150400.14.63.1fixed 5.14.21-150400.14.63.1
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
- affected < 5.14.21-150400.14.40.1fixed 5.14.21-150400.14.40.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
- affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.
- affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this v
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- affected < 5.14.21-150400.14.55.1fixed 5.14.21-150400.14.55.1
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- affected < 5.14.21-150400.14.52.1fixed 5.14.21-150400.14.52.1
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info
- affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.
- affected < 5.14.21-150400.14.46.1fixed 5.14.21-150400.14.46.1
A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
- affected < 5.14.21-150400.14.46.1fixed 5.14.21-150400.14.46.1
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
- affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
- affected < 5.14.21-150400.14.49.1fixed 5.14.21-150400.14.49.1
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- affected < 5.14.21-150400.14.43.1fixed 5.14.21-150400.14.43.1
A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the
Page 6 of 16