rpm package
suse/kernel-syms&distro=SUSE Linux Enterprise Module for Development Tools 15 SP3
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3
Vulnerabilities (316)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1729 | Hig | 7.0 | < 5.3.18-150300.59.71.1 | 5.3.18-150300.59.71.1 | Sep 1, 2022 | A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | |
| CVE-2020-27784 | Med | 5.5 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Sep 1, 2022 | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | |
| CVE-2022-3028 | Hig | 7.0 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Aug 31, 2022 | A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory | |
| CVE-2022-2153 | Med | 5.5 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Aug 31, 2022 | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl | |
| CVE-2022-1975 | Med | 5.5 | < 5.3.18-150300.59.76.1 | 5.3.18-150300.59.76.1 | Aug 31, 2022 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | |
| CVE-2022-1974 | Med | 4.1 | < 5.3.18-150300.59.76.1 | 5.3.18-150300.59.76.1 | Aug 31, 2022 | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. | |
| CVE-2022-1205 | Med | 4.7 | < 5.3.18-150300.59.63.1 | 5.3.18-150300.59.63.1 | Aug 31, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | |
| CVE-2022-1199 | Hig | 7.5 | < 5.3.18-150300.59.63.1 | 5.3.18-150300.59.63.1 | Aug 29, 2022 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | |
| CVE-2022-1198 | Med | 5.5 | < 5.3.18-150300.59.63.1 | 5.3.18-150300.59.63.1 | Aug 29, 2022 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | |
| CVE-2022-1184 | Med | 5.5 | < 5.3.18-150300.59.71.1 | 5.3.18-150300.59.71.1 | Aug 29, 2022 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | |
| CVE-2022-1016 | Med | 5.5 | < 5.3.18-150300.59.63.1 | 5.3.18-150300.59.63.1 | Aug 29, 2022 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | |
| CVE-2022-0850 | Hig | 7.1 | < 5.3.18-150300.59.63.1 | 5.3.18-150300.59.63.1 | Aug 29, 2022 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | |
| CVE-2022-0812 | Med | 4.3 | < 5.3.18-150300.59.68.1 | 5.3.18-150300.59.68.1 | Aug 29, 2022 | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | |
| CVE-2022-0168 | Med | 4.4 | < 5.3.18-150300.59.71.1 | 5.3.18-150300.59.71.1 | Aug 26, 2022 | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr | |
| CVE-2021-3669 | Med | 5.5 | < 5.3.18-59.27.1 | 5.3.18-59.27.1 | Aug 26, 2022 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |
| CVE-2022-2978 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Aug 24, 2022 | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on | |
| CVE-2021-4155 | Med | 5.5 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Aug 24, 2022 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | |
| CVE-2021-4037 | Hig | 7.8 | < 5.3.18-150300.59.101.1 | 5.3.18-150300.59.101.1 | Aug 24, 2022 | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a direct | |
| CVE-2021-3764 | Med | 5.5 | < 5.3.18-59.27.1 | 5.3.18-59.27.1 | Aug 23, 2022 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | |
| CVE-2021-3759 | Med | 5.5 | < 5.3.18-59.24.1 | 5.3.18-59.24.1 | Aug 23, 2022 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highe |
- affected < 5.3.18-150300.59.71.1fixed 5.3.18-150300.59.71.1
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl
- affected < 5.3.18-150300.59.76.1fixed 5.3.18-150300.59.76.1
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
- affected < 5.3.18-150300.59.76.1fixed 5.3.18-150300.59.76.1
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
- affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.
- affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.
- affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
- affected < 5.3.18-150300.59.71.1fixed 5.3.18-150300.59.71.1
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
- affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
- affected < 5.3.18-150300.59.63.1fixed 5.3.18-150300.59.63.1
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
- affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
- affected < 5.3.18-150300.59.71.1fixed 5.3.18-150300.59.71.1
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to cr
- affected < 5.3.18-59.27.1fixed 5.3.18-59.27.1
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.
- affected < 5.3.18-150300.59.101.1fixed 5.3.18-150300.59.101.1
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a direct
- affected < 5.3.18-59.27.1fixed 5.3.18-59.27.1
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
- affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highe
Page 4 of 16