VYPR

rpm package

suse/kgraft-patch-SLE12-SP3_Update_44&distro=SUSE Linux Enterprise Server 12 SP3-LTSS

pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_44&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Vulnerabilities (18)

  • CVE-2022-1016Aug 29, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.

  • CVE-2022-0850Aug 29, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

  • CVE-2022-1734May 18, 2022
    affected < 4-2.2fixed 4-2.2

    A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

  • CVE-2022-30594May 12, 2022
    affected < 3-2.2fixed 3-2.2

    The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.

  • CVE-2022-1048Apr 29, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat

  • CVE-2021-45868Mar 18, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

  • CVE-2022-1011Mar 18, 2022
    affected < 2-2.1fixed 2-2.1

    A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

  • CVE-2021-39713Mar 16, 2022
    affected < 2-2.1fixed 2-2.1

    Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel

  • CVE-2022-26966Mar 12, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.

  • CVE-2022-23042Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23041Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23040Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23039Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23038Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23037Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-23036Mar 10, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access

  • CVE-2022-26490Mar 6, 2022
    affected < 1-4.5.1fixed 1-4.5.1

    st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.

  • CVE-2021-28688Apr 6, 2021
    affected < 2-2.1fixed 2-2.1

    The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup wo