rpm package
suse/kgraft-patch-SLE12-SP3_Update_45&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_45&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1729 | — | < 1-4.3.2 | 1-4.3.2 | Sep 1, 2022 | A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | ||
| CVE-2022-1975 | — | < 1-4.3.2 | 1-4.3.2 | Aug 31, 2022 | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. | ||
| CVE-2022-1974 | — | < 1-4.3.2 | 1-4.3.2 | Aug 31, 2022 | A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. | ||
| CVE-2022-1184 | — | < 1-4.3.2 | 1-4.3.2 | Aug 29, 2022 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | ||
| CVE-2022-21180 | — | < 1-4.3.2 | 1-4.3.2 | Jun 15, 2022 | Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | ||
| CVE-2022-21166 | — | < 1-4.3.2 | 1-4.3.2 | Jun 15, 2022 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21127 | — | < 1-4.3.2 | 1-4.3.2 | Jun 15, 2022 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21125 | — | < 1-4.3.2 | 1-4.3.2 | Jun 15, 2022 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21123 | — | < 1-4.3.2 | 1-4.3.2 | Jun 15, 2022 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2022-21499 | — | < 1-4.3.2 | 1-4.3.2 | Jun 9, 2022 | KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor | ||
| CVE-2022-1652 | — | < 1-4.3.2 | 1-4.3.2 | May 31, 2022 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a | ||
| CVE-2022-1419 | — | < 1-4.3.2 | 1-4.3.2 | May 31, 2022 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | ||
| CVE-2022-1734 | — | < 1-4.3.2 | 1-4.3.2 | May 18, 2022 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | ||
| CVE-2022-30594 | — | < 1-4.3.2 | 1-4.3.2 | May 12, 2022 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | ||
| CVE-2022-1516 | — | < 1-4.3.2 | 1-4.3.2 | May 5, 2022 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s | ||
| CVE-2022-1353 | — | < 1-4.3.2 | 1-4.3.2 | Apr 29, 2022 | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | ||
| CVE-2022-28388 | — | < 1-4.3.2 | 1-4.3.2 | Apr 3, 2022 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | ||
| CVE-2022-28390 | — | < 1-4.3.2 | 1-4.3.2 | Apr 3, 2022 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | ||
| CVE-2022-1011 | — | < 1-4.3.2 | 1-4.3.2 | Mar 18, 2022 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. | ||
| CVE-2021-20321 | — | < 1-4.3.2 | 1-4.3.2 | Feb 18, 2022 | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system. |
- CVE-2022-1729Sep 1, 2022affected < 1-4.3.2fixed 1-4.3.2
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
- CVE-2022-1975Aug 31, 2022affected < 1-4.3.2fixed 1-4.3.2
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
- CVE-2022-1974Aug 31, 2022affected < 1-4.3.2fixed 1-4.3.2
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
- CVE-2022-1184Aug 29, 2022affected < 1-4.3.2fixed 1-4.3.2
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
- CVE-2022-21180Jun 15, 2022affected < 1-4.3.2fixed 1-4.3.2
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.
- CVE-2022-21166Jun 15, 2022affected < 1-4.3.2fixed 1-4.3.2
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21127Jun 15, 2022affected < 1-4.3.2fixed 1-4.3.2
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21125Jun 15, 2022affected < 1-4.3.2fixed 1-4.3.2
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21123Jun 15, 2022affected < 1-4.3.2fixed 1-4.3.2
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2022-21499Jun 9, 2022affected < 1-4.3.2fixed 1-4.3.2
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor
- CVE-2022-1652May 31, 2022affected < 1-4.3.2fixed 1-4.3.2
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a
- CVE-2022-1419May 31, 2022affected < 1-4.3.2fixed 1-4.3.2
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
- CVE-2022-1734May 18, 2022affected < 1-4.3.2fixed 1-4.3.2
A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.
- CVE-2022-30594May 12, 2022affected < 1-4.3.2fixed 1-4.3.2
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
- CVE-2022-1516May 5, 2022affected < 1-4.3.2fixed 1-4.3.2
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s
- CVE-2022-1353Apr 29, 2022affected < 1-4.3.2fixed 1-4.3.2
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
- CVE-2022-28388Apr 3, 2022affected < 1-4.3.2fixed 1-4.3.2
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
- CVE-2022-28390Apr 3, 2022affected < 1-4.3.2fixed 1-4.3.2
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
- CVE-2022-1011Mar 18, 2022affected < 1-4.3.2fixed 1-4.3.2
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
- CVE-2021-20321Feb 18, 2022affected < 1-4.3.2fixed 1-4.3.2
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
Page 1 of 2