rpm package

suse/kgraft-patch-SLE12-SP3_Update_41&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_41&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (52)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-34981	—	< 1-4.3.1	1-4.3.1	May 7, 2024	Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
CVE-2022-1016	—	< 7-2.1	7-2.1	Aug 29, 2022	A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2021-3659	—	< 1-4.3.1	1-4.3.1	Aug 22, 2022	A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
CVE-2022-1734	—	< 10-2.2	10-2.2	May 18, 2022	A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-30594	—	< 9-2.2	9-2.2	May 12, 2022	The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1048	—	< 9-2.2	9-2.2	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2021-4202	—	< 4-2.2	4-2.2	Mar 25, 2022	A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2022-0330	—	< 8-2.1	8-2.1	Mar 25, 2022	A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-1011	—	< 7-2.1	7-2.1	Mar 18, 2022	A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39713	—	< 7-2.1	7-2.1	Mar 16, 2022	Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
CVE-2021-3732	—	< 1-4.3.1	1-4.3.1	Mar 7, 2022	A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2021-3640	—	< 1-4.3.1	1-4.3.1	Mar 3, 2022	A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
CVE-2022-0492	—	< 6-2.1	6-2.1	Mar 3, 2022	A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte
CVE-2021-3715	—	< 1-4.3.1	1-4.3.1	Mar 2, 2022	A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges
CVE-2021-3772	—	< 1-4.3.1	1-4.3.1	Mar 2, 2022	A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-20322	—	< 1-4.3.1	1-4.3.1	Feb 18, 2022	A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat
CVE-2021-3752	—	< 1-4.3.1	1-4.3.1	Feb 16, 2022	A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln
CVE-2021-3760	—	< 1-4.3.1	1-4.3.1	Feb 16, 2022	A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3753	—	< 1-4.3.1	1-4.3.1	Feb 16, 2022	A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidenti
CVE-2022-0487	—	< 6-2.1	6-2.1	Feb 4, 2022	A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

CVE-2021-34981May 7, 2024
affected < 1-4.3.1fixed 1-4.3.1
Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target s
CVE-2022-1016Aug 29, 2022
affected < 7-2.1fixed 7-2.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2021-3659Aug 22, 2022
affected < 1-4.3.1fixed 1-4.3.1
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
CVE-2022-1734May 18, 2022
affected < 10-2.2fixed 10-2.2
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
CVE-2022-30594May 12, 2022
affected < 9-2.2fixed 9-2.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-1048Apr 29, 2022
affected < 9-2.2fixed 9-2.2
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2021-4202Mar 25, 2022
affected < 4-2.2fixed 4-2.2
A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalat
CVE-2022-0330Mar 25, 2022
affected < 8-2.1fixed 8-2.1
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-1011Mar 18, 2022
affected < 7-2.1fixed 7-2.1
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
CVE-2021-39713Mar 16, 2022
affected < 7-2.1fixed 7-2.1
Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel
CVE-2021-3732Mar 7, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2021-3640Mar 3, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable fau
CVE-2022-0492Mar 3, 2022
affected < 6-2.1fixed 6-2.1
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpecte
CVE-2021-3715Mar 2, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges
CVE-2021-3772Mar 2, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-20322Feb 18, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomizat
CVE-2021-3752Feb 16, 2022
affected < 1-4.3.1fixed 1-4.3.1
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vuln
CVE-2021-3760Feb 16, 2022
affected < 1-4.3.1fixed 1-4.3.1
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3753Feb 16, 2022
affected < 1-4.3.1fixed 1-4.3.1
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidenti
CVE-2022-0487Feb 4, 2022
affected < 6-2.1fixed 6-2.1
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

Page 1 of 3