rpm package

suse/kgraft-patch-SLE12-SP3_Update_44&distro=HPE Helion OpenStack 8

pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_44&distro=HPE%20Helion%20OpenStack%208

Vulnerabilities (13)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-1016	—	< 1-4.5.1	1-4.5.1	Aug 29, 2022	A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850	—	< 1-4.5.1	1-4.5.1	Aug 29, 2022	A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1048	—	< 1-4.5.1	1-4.5.1	Apr 29, 2022	A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2021-45868	—	< 1-4.5.1	1-4.5.1	Mar 18, 2022	In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2022-26966	—	< 1-4.5.1	1-4.5.1	Mar 12, 2022	An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-23042	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036	—	< 1-4.5.1	1-4.5.1	Mar 10, 2022	Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-26490	—	< 1-4.5.1	1-4.5.1	Mar 6, 2022	st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

CVE-2022-1016Aug 29, 2022
affected < 1-4.5.1fixed 1-4.5.1
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
CVE-2022-0850Aug 29, 2022
affected < 1-4.5.1fixed 1-4.5.1
A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVE-2022-1048Apr 29, 2022
affected < 1-4.5.1fixed 1-4.5.1
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat
CVE-2021-45868Mar 18, 2022
affected < 1-4.5.1fixed 1-4.5.1
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
CVE-2022-26966Mar 12, 2022
affected < 1-4.5.1fixed 1-4.5.1
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
CVE-2022-23042Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23041Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23040Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23039Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23038Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23037Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-23036Mar 10, 2022
affected < 1-4.5.1fixed 1-4.5.1
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access
CVE-2022-26490Mar 6, 2022
affected < 1-4.5.1fixed 1-4.5.1
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.