rpm package

suse/kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4

pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Vulnerabilities (572)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-21499	—	< 4.12.14-95.102.1	4.12.14-95.102.1	Jun 9, 2022	KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652	—	< 4.12.14-95.99.2	4.12.14-95.99.2	May 31, 2022	Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419	—	< 4.12.14-95.99.2	4.12.14-95.99.2	May 31, 2022	The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.
CVE-2022-1462	—	< 4.12.14-95.105.1	4.12.14-95.105.1	May 31, 2022	An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1734	—	< 4.12.14-95.99.2	4.12.14-95.99.2	May 18, 2022	A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-1679	—	< 4.12.14-95.102.1	4.12.14-95.102.1	May 16, 2022	A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-30594	—	< 4.12.14-95.99.2	4.12.14-95.99.2	May 12, 2022	The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1516	—	< 4.12.14-95.99.2	4.12.14-95.99.2	May 5, 2022	A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353	—	< 4.12.14-95.99.2	4.12.14-95.99.2	Apr 29, 2022	A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048	—	< 4.12.14-95.96.1	4.12.14-95.96.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28388	—	< 4.12.14-95.96.1	4.12.14-95.96.1	Apr 3, 2022	usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389	—	< 4.12.14-95.96.1	4.12.14-95.96.1	Apr 3, 2022	mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390	—	< 4.12.14-95.96.1	4.12.14-95.96.1	Apr 3, 2022	ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356	—	< 4.12.14-95.96.1	4.12.14-95.96.1	Apr 2, 2022	In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-0322	—	< 4.12.14-95.88.1	4.12.14-95.88.1	Mar 25, 2022	A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202	—	< 4.12.14-95.88.1	4.12.14-95.88.1	Mar 25, 2022	A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157	—	< 4.12.14-95.102.1	4.12.14-95.102.1	Mar 25, 2022	An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
CVE-2022-0435	—	< 4.12.14-95.88.1	4.12.14-95.88.1	Mar 25, 2022	A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330	—	< 4.12.14-95.88.1	4.12.14-95.88.1	Mar 25, 2022	A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2021-4203	—	< 4.12.14-95.108.1	4.12.14-95.108.1	Mar 25, 2022	A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

CVE-2022-21499Jun 9, 2022
affected < 4.12.14-95.102.1fixed 4.12.14-95.102.1
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
CVE-2022-1652May 31, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
CVE-2022-1419May 31, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
CVE-2022-1462May 31, 2022
affected < 4.12.14-95.105.1fixed 4.12.14-95.105.1
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
CVE-2022-1734May 18, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-1679May 16, 2022
affected < 4.12.14-95.102.1fixed 4.12.14-95.102.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-30594May 12, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1516May 5, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
CVE-2022-1353Apr 29, 2022
affected < 4.12.14-95.99.2fixed 4.12.14-95.99.2
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1048Apr 29, 2022
affected < 4.12.14-95.96.1fixed 4.12.14-95.96.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2022-28388Apr 3, 2022
affected < 4.12.14-95.96.1fixed 4.12.14-95.96.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28389Apr 3, 2022
affected < 4.12.14-95.96.1fixed 4.12.14-95.96.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28390Apr 3, 2022
affected < 4.12.14-95.96.1fixed 4.12.14-95.96.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVE-2022-28356Apr 2, 2022
affected < 4.12.14-95.96.1fixed 4.12.14-95.96.1
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.
CVE-2022-0322Mar 25, 2022
affected < 4.12.14-95.88.1fixed 4.12.14-95.88.1
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
CVE-2021-4202Mar 25, 2022
affected < 4.12.14-95.88.1fixed 4.12.14-95.88.1
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2021-4157Mar 25, 2022
affected < 4.12.14-95.102.1fixed 4.12.14-95.102.1
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileg
CVE-2022-0435Mar 25, 2022
affected < 4.12.14-95.88.1fixed 4.12.14-95.88.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
CVE-2022-0330Mar 25, 2022
affected < 4.12.14-95.88.1fixed 4.12.14-95.88.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2021-4203Mar 25, 2022
affected < 4.12.14-95.108.1fixed 4.12.14-95.108.1
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

Page 6 of 29