rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Real Time 12 SP5
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5
Vulnerabilities (1,429)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-1513 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | ||
| CVE-2023-1249 | — | < 4.12.14-10.130.1 | 4.12.14-10.130.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. | ||
| CVE-2023-0590 | — | < 4.12.14-10.115.1 | 4.12.14-10.115.1 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | ||
| CVE-2023-1281 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Mar 22, 2023 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l | ||
| CVE-2022-4095 | — | < 4.12.14-10.109.1 | 4.12.14-10.109.1 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||
| CVE-2023-1390 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Mar 16, 2023 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in | ||
| CVE-2023-28466 | — | < 4.12.14-10.127.1 | 4.12.14-10.127.1 | Mar 15, 2023 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | ||
| CVE-2022-3707 | — | < 4.12.14-10.109.1 | 4.12.14-10.109.1 | Mar 6, 2023 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | ||
| CVE-2022-3424 | — | < 4.12.14-10.103.1 | 4.12.14-10.103.1 | Mar 6, 2023 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate | ||
| CVE-2023-1118 | — | < 4.12.14-10.118.1 | 4.12.14-10.118.1 | Mar 2, 2023 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2023-0461 | — | < 4.12.14-10.154.1 | 4.12.14-10.154.1 | Feb 28, 2023 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege | ||
| CVE-2023-1095 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Feb 28, 2023 | In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref | ||
| CVE-2023-26545 | — | < 4.12.14-10.118.1 | 4.12.14-10.118.1 | Feb 25, 2023 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | ||
| CVE-2023-0597 | — | < 4.12.14-10.118.1 | 4.12.14-10.118.1 | Feb 23, 2023 | A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l | ||
| CVE-2023-0266 | — | KEV | < 4.12.14-10.115.1 | 4.12.14-10.115.1 | Jan 30, 2023 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin | |
| CVE-2022-4139 | — | < 4.12.14-10.109.1 | 4.12.14-10.109.1 | Jan 27, 2023 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | ||
| CVE-2022-47929 | — | < 4.12.14-10.115.1 | 4.12.14-10.115.1 | Jan 17, 2023 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff | ||
| CVE-2022-41858 | — | < 4.12.14-10.109.1 | 4.12.14-10.109.1 | Jan 17, 2023 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | ||
| CVE-2023-23559 | — | < 4.12.14-10.118.1 | 4.12.14-10.118.1 | Jan 13, 2023 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | ||
| CVE-2023-23455 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Jan 12, 2023 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). |
- CVE-2023-1513Mar 23, 2023affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- CVE-2023-1249Mar 23, 2023affected < 4.12.14-10.130.1fixed 4.12.14-10.130.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
- CVE-2023-0590Mar 23, 2023affected < 4.12.14-10.115.1fixed 4.12.14-10.115.1
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- CVE-2023-1281Mar 22, 2023affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l
- CVE-2022-4095Mar 22, 2023affected < 4.12.14-10.109.1fixed 4.12.14-10.109.1
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
- CVE-2023-1390Mar 16, 2023affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
- CVE-2023-28466Mar 15, 2023affected < 4.12.14-10.127.1fixed 4.12.14-10.127.1
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
- CVE-2022-3707Mar 6, 2023affected < 4.12.14-10.109.1fixed 4.12.14-10.109.1
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
- CVE-2022-3424Mar 6, 2023affected < 4.12.14-10.103.1fixed 4.12.14-10.103.1
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate
- CVE-2023-1118Mar 2, 2023affected < 4.12.14-10.118.1fixed 4.12.14-10.118.1
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2023-0461Feb 28, 2023affected < 4.12.14-10.154.1fixed 4.12.14-10.154.1
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege
- CVE-2023-1095Feb 28, 2023affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer deref
- CVE-2023-26545Feb 25, 2023affected < 4.12.14-10.118.1fixed 4.12.14-10.118.1
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
- CVE-2023-0597Feb 23, 2023affected < 4.12.14-10.118.1fixed 4.12.14-10.118.1
A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l
- affected < 4.12.14-10.115.1fixed 4.12.14-10.115.1
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin
- CVE-2022-4139Jan 27, 2023affected < 4.12.14-10.109.1fixed 4.12.14-10.109.1
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.
- CVE-2022-47929Jan 17, 2023affected < 4.12.14-10.115.1fixed 4.12.14-10.115.1
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This aff
- CVE-2022-41858Jan 17, 2023affected < 4.12.14-10.109.1fixed 4.12.14-10.109.1
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
- CVE-2023-23559Jan 13, 2023affected < 4.12.14-10.118.1fixed 4.12.14-10.118.1
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
- CVE-2023-23455Jan 12, 2023affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Page 51 of 72