VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_31&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_31&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (38)

  • CVE-2022-21499MedJun 9, 2022
    affected < 3-2.3fixed 3-2.3

    KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Scor

  • CVE-2022-1652HigJun 2, 2022
    affected < 6-2.2fixed 6-2.2

    Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a

  • CVE-2022-1419HigJun 2, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.

  • CVE-2022-1734HigMay 18, 2022
    affected < 2-2.2fixed 2-2.2

    A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

  • CVE-2022-29581HigMay 17, 2022
    affected < 6-2.2fixed 6-2.2

    Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

  • CVE-2022-1679HigMay 16, 2022
    affected < 4-2.2fixed 4-2.2

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2022-1516MedMay 5, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the s

  • CVE-2022-1353HigApr 29, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

  • CVE-2022-1280MedApr 13, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

  • CVE-2022-28356MedApr 2, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

  • CVE-2022-1011HigMar 18, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

  • CVE-2020-36516MedFeb 26, 2022
    affected < 5-2.3fixed 5-2.3

    An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

  • CVE-2021-20321MedFeb 18, 2022
    affected < 1-8.5.2fixed 1-8.5.2

    A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

  • CVE-2021-43389MedNov 4, 2021
    affected < 1-8.5.2fixed 1-8.5.2

    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

  • CVE-2021-38208MedAug 8, 2021
    affected < 1-8.5.2fixed 1-8.5.2

    net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

  • CVE-2021-20292MedMay 28, 2021
    affected < 1-8.5.2fixed 1-8.5.2

    There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the obje

  • CVE-2019-20811MedJun 3, 2020
    affected < 1-8.5.2fixed 1-8.5.2

    An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

  • CVE-2018-7755MedMar 8, 2018
    affected < 1-8.5.2fixed 1-8.5.2

    An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

Page 2 of 2