rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Real Time 12 SP5
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5
Vulnerabilities (1,429)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-6535 | — | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Feb 7, 2024 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial | ||
| CVE-2023-6356 | — | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Feb 7, 2024 | A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni | ||
| CVE-2024-24855 | Med | 5.0 | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Feb 5, 2024 | A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | |
| CVE-2024-24861 | — | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Feb 5, 2024 | A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue. | ||
| CVE-2024-1086 | — | KEV | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 31, 2024 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau | |
| CVE-2023-46838 | — | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 29, 2024 | Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are | ||
| CVE-2024-23307 | Med | 4.4 | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Jan 25, 2024 | Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. | |
| CVE-2024-22099 | Med | 6.3 | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Jan 25, 2024 | NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2. | |
| CVE-2024-23848 | Med | 5.5 | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Jan 23, 2024 | In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | |
| CVE-2023-39197 | — | < 4.12.14-10.154.1 | 4.12.14-10.154.1 | Jan 23, 2024 | An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. | ||
| CVE-2024-23851 | — | < 4.12.14-10.171.1 | 4.12.14-10.171.1 | Jan 23, 2024 | copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. | ||
| CVE-2024-23849 | — | < 4.12.14-10.171.1 | 4.12.14-10.171.1 | Jan 23, 2024 | In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access. | ||
| CVE-2023-51043 | — | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 23, 2024 | In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload. | ||
| CVE-2023-46343 | — | < 4.12.14-10.171.1 | 4.12.14-10.171.1 | Jan 23, 2024 | In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. | ||
| CVE-2024-0775 | — | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 22, 2024 | A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. | ||
| CVE-2024-0607 | — | < 4.12.14-10.171.1 | 4.12.14-10.171.1 | Jan 18, 2024 | A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has | ||
| CVE-2021-33631 | — | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 18, 2024 | Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. | ||
| CVE-2024-0639 | — | < 4.12.14-10.188.1 | 4.12.14-10.188.1 | Jan 17, 2024 | A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system. | ||
| CVE-2023-6040 | — | < 4.12.14-10.162.1 | 4.12.14-10.162.1 | Jan 12, 2024 | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_ | ||
| CVE-2022-48619 | — | < 4.12.14-10.182.1 | 4.12.14-10.182.1 | Jan 12, 2024 | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. |
- CVE-2023-6535Feb 7, 2024affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial
- CVE-2023-6356Feb 7, 2024affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni
- affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
- CVE-2024-24861Feb 5, 2024affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.
- affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau
- CVE-2023-46838Jan 29, 2024affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are
- affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.
- affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.
- affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
- CVE-2023-39197Jan 23, 2024affected < 4.12.14-10.154.1fixed 4.12.14-10.154.1
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
- CVE-2024-23851Jan 23, 2024affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
- CVE-2024-23849Jan 23, 2024affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.
- CVE-2023-51043Jan 23, 2024affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
- CVE-2023-46343Jan 23, 2024affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
- CVE-2024-0775Jan 22, 2024affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
- CVE-2024-0607Jan 18, 2024affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has
- CVE-2021-33631Jan 18, 2024affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
- CVE-2024-0639Jan 17, 2024affected < 4.12.14-10.188.1fixed 4.12.14-10.188.1
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
- CVE-2023-6040Jan 12, 2024affected < 4.12.14-10.162.1fixed 4.12.14-10.162.1
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_
- CVE-2022-48619Jan 12, 2024affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.
Page 45 of 72