rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,394)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-7042 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Dec 21, 2023 | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | ||
| CVE-2023-6817 | Hig | 7.8 | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Dec 18, 2023 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Po | |
| CVE-2023-24023 | — | < 5.3.18-150300.175.1 | 5.3.18-150300.175.1 | Nov 28, 2023 | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUF | ||
| CVE-2023-47233 | Med | 4.3 | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Nov 3, 2023 | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is r | |
| CVE-2023-42753 | — | < 5.3.18-150300.223.1 | 5.3.18-150300.223.1 | Sep 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss | ||
| CVE-2023-4244 | — | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to under | ||
| CVE-2023-4132 | — | < 5.3.18-150300.232.1 | 5.3.18-150300.232.1 | Aug 3, 2023 | A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | ||
| CVE-2023-3772 | — | < 5.3.18-150300.223.1 | 5.3.18-150300.223.1 | Jul 25, 2023 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s | ||
| CVE-2023-3567 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Jul 24, 2023 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | ||
| CVE-2023-0160 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Jul 18, 2023 | A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system. | ||
| CVE-2023-31248 | — | < 5.3.18-150300.223.1 | 5.3.18-150300.223.1 | Jul 5, 2023 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | ||
| CVE-2023-35827 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. | ||
| CVE-2023-3111 | — | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | ||
| CVE-2023-2176 | — | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Apr 20, 2023 | A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege. | ||
| CVE-2023-28328 | — | < 5.3.18-150300.223.1 | 5.3.18-150300.223.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-28327 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | ||
| CVE-2023-2162 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-1829 | — | < 5.3.18-150300.172.1 | 5.3.18-150300.172.1 | Apr 12, 2023 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc | ||
| CVE-2023-1990 | — | < 5.3.18-150300.211.1 | 5.3.18-150300.211.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | ||
| CVE-2023-1380 | — | < 5.3.18-150300.223.1 | 5.3.18-150300.223.1 | Mar 27, 2023 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t |
- CVE-2023-7042Dec 21, 2023affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.
- affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Po
- CVE-2023-24023Nov 28, 2023affected < 5.3.18-150300.175.1fixed 5.3.18-150300.175.1
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUF
- affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is r
- CVE-2023-42753Sep 25, 2023affected < 5.3.18-150300.223.1fixed 5.3.18-150300.223.1
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss
- CVE-2023-4244Sep 6, 2023affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to under
- CVE-2023-4132Aug 3, 2023affected < 5.3.18-150300.232.1fixed 5.3.18-150300.232.1
A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
- CVE-2023-3772Jul 25, 2023affected < 5.3.18-150300.223.1fixed 5.3.18-150300.223.1
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s
- CVE-2023-3567Jul 24, 2023affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-0160Jul 18, 2023affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
- CVE-2023-31248Jul 5, 2023affected < 5.3.18-150300.223.1fixed 5.3.18-150300.223.1
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-35827Jun 18, 2023affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
- CVE-2023-3111Jun 5, 2023affected < 5.3.18-150300.214.1fixed 5.3.18-150300.214.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-2176Apr 20, 2023affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.
- CVE-2023-28328Apr 19, 2023affected < 5.3.18-150300.223.1fixed 5.3.18-150300.223.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-28327Apr 19, 2023affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
- CVE-2023-2162Apr 19, 2023affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-1829Apr 12, 2023affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying struc
- CVE-2023-1990Apr 12, 2023affected < 5.3.18-150300.211.1fixed 5.3.18-150300.211.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- CVE-2023-1380Mar 27, 2023affected < 5.3.18-150300.223.1fixed 5.3.18-150300.223.1
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t
Page 68 of 70