rpm package
suse/kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (812)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1652 | Hig | 7.8 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Jun 2, 2022 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a | |
| CVE-2022-1462 | Med | 6.3 | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | Jun 2, 2022 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u | |
| CVE-2022-1734 | Hig | 7.0 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | May 18, 2022 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | |
| CVE-2022-29581 | Hig | 7.8 | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | May 17, 2022 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |
| CVE-2022-1116 | Hig | 7.8 | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | May 17, 2022 | Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. | |
| CVE-2022-1679 | Hig | 7.8 | < 5.3.18-150200.24.126.1 | 5.3.18-150200.24.126.1 | May 16, 2022 | A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |
| CVE-2022-30594 | Hig | 7.8 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | May 12, 2022 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | |
| CVE-2022-20008 | Med | 4.6 | < 5.3.18-150200.24.134.1 | 5.3.18-150200.24.134.1 | May 10, 2022 | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no | |
| CVE-2022-1516 | Med | 5.5 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | May 5, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s | |
| CVE-2022-1353 | Hig | 7.1 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Apr 29, 2022 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | |
| CVE-2022-1048 | Hig | 7.0 | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 29, 2022 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat | |
| CVE-2022-28893 | Hig | 7.8 | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Apr 11, 2022 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | |
| CVE-2022-28390 | Hig | 7.8 | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-28389 | Med | 5.5 | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-28388 | Med | 5.5 | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Apr 3, 2022 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |
| CVE-2022-1055 | Hig | 7.8 | < 5.3.18-150200.24.112.1 | 5.3.18-150200.24.112.1 | Mar 29, 2022 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | |
| CVE-2022-0435 | Hig | 8.8 | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Mar 25, 2022 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate | |
| CVE-2022-0330 | Hig | 7.8 | < 5.3.18-24.102.1 | 5.3.18-24.102.1 | Mar 25, 2022 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |
| CVE-2022-0322 | Med | 5.5 | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Mar 25, 2022 | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s | |
| CVE-2021-4203 | Med | 6.8 | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | Mar 25, 2022 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. |
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
- affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local u
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
- affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions.
- affected < 5.3.18-150200.24.126.1fixed 5.3.18-150200.24.126.1
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- affected < 5.3.18-150200.24.134.1fixed 5.3.18-150200.24.134.1
In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is no
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
- affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
- affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
- affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
- affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
- affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
- affected < 5.3.18-150200.24.112.1fixed 5.3.18-150200.24.112.1
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
- affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate
- affected < 5.3.18-24.102.1fixed 5.3.18-24.102.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
- affected < 5.3.18-24.99.1fixed 5.3.18-24.99.1
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of s
- affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.
Page 37 of 41