rpm package
suse/kernel-syms&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Vulnerabilities (263)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3646 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 21, 2022 | A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r | ||
| CVE-2022-3635 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 21, 2022 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this | ||
| CVE-2022-3621 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 20, 2022 | A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack rem | ||
| CVE-2022-3586 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 19, 2022 | A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra | ||
| CVE-2022-3567 | — | < 3.0.101-108.141.1 | 3.0.101-108.141.1 | Oct 17, 2022 | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD | ||
| CVE-2022-3566 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 17, 2022 | A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VD | ||
| CVE-2022-3565 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 17, 2022 | A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch | ||
| CVE-2022-3524 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Oct 16, 2022 | A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply | ||
| CVE-2022-41848 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 30, 2022 | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | ||
| CVE-2022-41850 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 30, 2022 | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | ||
| CVE-2022-3303 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 27, 2022 | A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, | ||
| CVE-2022-41218 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 21, 2022 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | ||
| CVE-2022-40768 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 18, 2022 | drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | ||
| CVE-2022-39188 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 2, 2022 | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | ||
| CVE-2022-2663 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Sep 1, 2022 | An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | ||
| CVE-2022-3028 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Aug 31, 2022 | A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory | ||
| CVE-2022-21385 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Aug 29, 2022 | A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| CVE-2022-20368 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Aug 11, 2022 | Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel | ||
| CVE-2022-20369 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Aug 11, 2022 | In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An | ||
| CVE-2022-36879 | — | < 3.0.101-108.138.1 | 3.0.101-108.138.1 | Jul 27, 2022 | An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. |
- CVE-2022-3646Oct 21, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is r
- CVE-2022-3635Oct 21, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this
- CVE-2022-3621Oct 20, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack rem
- CVE-2022-3586Oct 19, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to cra
- CVE-2022-3567Oct 17, 2022affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VD
- CVE-2022-3566Oct 17, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VD
- CVE-2022-3565Oct 17, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch
- CVE-2022-3524Oct 16, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply
- CVE-2022-41848Sep 30, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
- CVE-2022-41850Sep 30, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
- CVE-2022-3303Sep 27, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system,
- CVE-2022-41218Sep 21, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.
- CVE-2022-40768Sep 18, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
- CVE-2022-39188Sep 2, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.
- CVE-2022-2663Sep 1, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
- CVE-2022-3028Aug 31, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory
- CVE-2022-21385Aug 29, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
- CVE-2022-20368Aug 11, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel
- CVE-2022-20369Aug 11, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An
- CVE-2022-36879Jul 27, 2022affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
Page 11 of 14