rpm package
suse/kernel-syms&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (580)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-32269 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | May 5, 2023 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con | ||
| CVE-2023-31436 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 28, 2023 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | ||
| CVE-2023-1998 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 21, 2023 | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr | ||
| CVE-2023-2194 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 20, 2023 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al | ||
| CVE-2023-28328 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-2162 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-30772 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 16, 2023 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | ||
| CVE-2023-1990 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | ||
| CVE-2023-1989 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 11, 2023 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | ||
| CVE-2023-1611 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Apr 3, 2023 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | ||
| CVE-2023-28464 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 31, 2023 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||
| CVE-2023-1670 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 30, 2023 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2023-1637 | — | < 4.4.121-92.208.1 | 4.4.121-92.208.1 | Mar 27, 2023 | A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut | ||
| CVE-2023-1380 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 27, 2023 | A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t | ||
| CVE-2023-1077 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 27, 2023 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a | ||
| CVE-2023-28772 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 23, 2023 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | ||
| CVE-2023-1513 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | ||
| CVE-2023-1249 | — | < 4.4.121-92.205.1 | 4.4.121-92.205.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. | ||
| CVE-2023-0590 | — | < 4.4.121-92.202.6 | 4.4.121-92.202.6 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | ||
| CVE-2022-4095 | — | < 4.4.121-92.196.2 | 4.4.121-92.196.2 | Mar 22, 2023 | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. |
- CVE-2023-32269May 5, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing con
- CVE-2023-31436Apr 28, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
- CVE-2023-1998Apr 21, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr
- CVE-2023-2194Apr 20, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could al
- CVE-2023-28328Apr 19, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-2162Apr 19, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-30772Apr 16, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- CVE-2023-1990Apr 12, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- CVE-2023-1989Apr 11, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- CVE-2023-1611Apr 3, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
- CVE-2023-28464Mar 31, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
- CVE-2023-1670Mar 30, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2023-1637Mar 27, 2023affected < 4.4.121-92.208.1fixed 4.4.121-92.208.1
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
- CVE-2023-1380Mar 27, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading t
- CVE-2023-1077Mar 27, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a
- CVE-2023-28772Mar 23, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
- CVE-2023-1513Mar 23, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- CVE-2023-1249Mar 23, 2023affected < 4.4.121-92.205.1fixed 4.4.121-92.205.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.
- CVE-2023-0590Mar 23, 2023affected < 4.4.121-92.202.6fixed 4.4.121-92.202.6
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- CVE-2022-4095Mar 22, 2023affected < 4.4.121-92.196.2fixed 4.4.121-92.196.2
A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.
Page 2 of 29