rpm package

suse/kernel-source-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (1,481)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-21499	—	< 4.12.14-16.100.1	4.12.14-16.100.1	Jun 9, 2022	KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652	—	< 4.12.14-16.100.1	4.12.14-16.100.1	May 31, 2022	Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419	—	< 4.12.14-16.97.1	4.12.14-16.97.1	May 31, 2022	The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.
CVE-2022-1462	—	< 4.12.14-16.106.1	4.12.14-16.106.1	May 31, 2022	An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1734	—	< 4.12.14-16.100.1	4.12.14-16.100.1	May 18, 2022	A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-29581	—	< 4.12.14-16.109.1	4.12.14-16.109.1	May 17, 2022	Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
CVE-2022-1679	—	< 4.12.14-16.103.1	4.12.14-16.103.1	May 16, 2022	A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-30594	—	< 4.12.14-16.100.1	4.12.14-16.100.1	May 12, 2022	The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-20008	—	< 4.12.14-16.112.1	4.12.14-16.112.1	May 10, 2022	In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516	—	< 4.12.14-16.97.1	4.12.14-16.97.1	May 5, 2022	A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353	—	< 4.12.14-16.97.1	4.12.14-16.97.1	Apr 29, 2022	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048	—	< 4.12.14-16.94.1	4.12.14-16.94.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280	—	< 4.12.14-16.97.1	4.12.14-16.97.1	Apr 13, 2022	A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-28388	—	< 4.12.14-16.94.1	4.12.14-16.94.1	Apr 3, 2022	usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389	—	< 4.12.14-16.94.1	4.12.14-16.94.1	Apr 3, 2022	mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390	—	< 4.12.14-16.94.1	4.12.14-16.94.1	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356	—	< 4.12.14-16.94.1	4.12.14-16.94.1	Apr 2, 2022	In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-0322	—	< 4.12.14-16.88.1	4.12.14-16.88.1	Mar 25, 2022	A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202	—	< 4.12.14-16.88.1	4.12.14-16.88.1	Mar 25, 2022	A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157	—	< 4.12.14-16.103.1	4.12.14-16.103.1	Mar 25, 2022	An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg

CVE-2022-21499Jun 9, 2022
affected < 4.12.14-16.100.1fixed 4.12.14-16.100.1
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652May 31, 2022
affected < 4.12.14-16.100.1fixed 4.12.14-16.100.1
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419May 31, 2022
affected < 4.12.14-16.97.1fixed 4.12.14-16.97.1
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
CVE-2022-1462May 31, 2022
affected < 4.12.14-16.106.1fixed 4.12.14-16.106.1
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1734May 18, 2022
affected < 4.12.14-16.100.1fixed 4.12.14-16.100.1
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-29581May 17, 2022
affected < 4.12.14-16.109.1fixed 4.12.14-16.109.1
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
CVE-2022-1679May 16, 2022
affected < 4.12.14-16.103.1fixed 4.12.14-16.103.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-30594May 12, 2022
affected < 4.12.14-16.100.1fixed 4.12.14-16.100.1
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-20008May 10, 2022
affected < 4.12.14-16.112.1fixed 4.12.14-16.112.1
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
CVE-2022-1516May 5, 2022
affected < 4.12.14-16.97.1fixed 4.12.14-16.97.1
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353Apr 29, 2022
affected < 4.12.14-16.97.1fixed 4.12.14-16.97.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048Apr 29, 2022
affected < 4.12.14-16.94.1fixed 4.12.14-16.94.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-1280Apr 13, 2022
affected < 4.12.14-16.97.1fixed 4.12.14-16.97.1
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.
CVE-2022-28388Apr 3, 2022
affected < 4.12.14-16.94.1fixed 4.12.14-16.94.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389Apr 3, 2022
affected < 4.12.14-16.94.1fixed 4.12.14-16.94.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390Apr 3, 2022
affected < 4.12.14-16.94.1fixed 4.12.14-16.94.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356Apr 2, 2022
affected < 4.12.14-16.94.1fixed 4.12.14-16.94.1
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-0322Mar 25, 2022
affected < 4.12.14-16.88.1fixed 4.12.14-16.88.1
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202Mar 25, 2022
affected < 4.12.14-16.88.1fixed 4.12.14-16.88.1
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157Mar 25, 2022
affected < 4.12.14-16.103.1fixed 4.12.14-16.103.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg

Page 56 of 75