rpm package
suse/kgraft-patch-SLE12-SP4_Update_35&distro=SUSE Linux Enterprise Live Patching 12 SP4
pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_35&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2124 | — | < 1-6.5.1 | 1-6.5.1 | May 15, 2023 | An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||
| CVE-2023-31436 | — | < 2-2.1 | 2-2.1 | Apr 28, 2023 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | ||
| CVE-2023-1998 | — | < 1-6.5.1 | 1-6.5.1 | Apr 21, 2023 | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr | ||
| CVE-2023-28328 | — | < 1-6.5.1 | 1-6.5.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus | ||
| CVE-2023-2162 | — | < 1-6.5.1 | 1-6.5.1 | Apr 19, 2023 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | ||
| CVE-2023-30772 | — | < 1-6.5.1 | 1-6.5.1 | Apr 16, 2023 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | ||
| CVE-2023-1990 | — | < 1-6.5.1 | 1-6.5.1 | Apr 12, 2023 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | ||
| CVE-2023-1989 | — | < 1-6.5.1 | 1-6.5.1 | Apr 11, 2023 | A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | ||
| CVE-2023-1855 | — | < 1-6.5.1 | 1-6.5.1 | Apr 5, 2023 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info | ||
| CVE-2023-1611 | — | < 1-6.5.1 | 1-6.5.1 | Apr 3, 2023 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | ||
| CVE-2023-28464 | — | < 1-6.5.1 | 1-6.5.1 | Mar 31, 2023 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||
| CVE-2023-1670 | — | < 1-6.5.1 | 1-6.5.1 | Mar 30, 2023 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | ||
| CVE-2023-1076 | — | < 1-6.5.1 | 1-6.5.1 | Mar 27, 2023 | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o | ||
| CVE-2021-3923 | — | < 1-6.5.1 | 1-6.5.1 | Mar 27, 2023 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info | ||
| CVE-2020-36691 | — | < 1-6.5.1 | 1-6.5.1 | Mar 24, 2023 | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | ||
| CVE-2023-28772 | — | < 1-6.5.1 | 1-6.5.1 | Mar 23, 2023 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | ||
| CVE-2023-1513 | — | < 1-6.5.1 | 1-6.5.1 | Mar 23, 2023 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | ||
| CVE-2023-0590 | — | < 1-6.5.1 | 1-6.5.1 | Mar 23, 2023 | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | ||
| CVE-2023-1390 | — | < 1-6.5.1 | 1-6.5.1 | Mar 16, 2023 | A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in | ||
| CVE-2023-1118 | — | < 1-6.5.1 | 1-6.5.1 | Mar 2, 2023 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
- CVE-2023-2124May 15, 2023affected < 1-6.5.1fixed 1-6.5.1
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
- CVE-2023-31436Apr 28, 2023affected < 2-2.1fixed 2-2.1
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
- CVE-2023-1998Apr 21, 2023affected < 1-6.5.1fixed 1-6.5.1
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim pr
- CVE-2023-28328Apr 19, 2023affected < 1-6.5.1fixed 1-6.5.1
A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially caus
- CVE-2023-2162Apr 19, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
- CVE-2023-30772Apr 16, 2023affected < 1-6.5.1fixed 1-6.5.1
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- CVE-2023-1990Apr 12, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.
- CVE-2023-1989Apr 11, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.
- CVE-2023-1855Apr 5, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel info
- CVE-2023-1611Apr 3, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
- CVE-2023-28464Mar 31, 2023affected < 1-6.5.1fixed 1-6.5.1
hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.
- CVE-2023-1670Mar 30, 2023affected < 1-6.5.1fixed 1-6.5.1
A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
- CVE-2023-1076Mar 27, 2023affected < 1-6.5.1fixed 1-6.5.1
A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user o
- CVE-2021-3923Mar 27, 2023affected < 1-6.5.1fixed 1-6.5.1
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user info
- CVE-2020-36691Mar 24, 2023affected < 1-6.5.1fixed 1-6.5.1
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
- CVE-2023-28772Mar 23, 2023affected < 1-6.5.1fixed 1-6.5.1
An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.
- CVE-2023-1513Mar 23, 2023affected < 1-6.5.1fixed 1-6.5.1
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
- CVE-2023-0590Mar 23, 2023affected < 1-6.5.1fixed 1-6.5.1
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.
- CVE-2023-1390Mar 16, 2023affected < 1-6.5.1fixed 1-6.5.1
A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in
- CVE-2023-1118Mar 2, 2023affected < 1-6.5.1fixed 1-6.5.1
A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
Page 1 of 2