VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_39&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_39&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (26)

  • CVE-2023-51780Dec 25, 2023
    affected < 12-2.2fixed 12-2.2

    An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

  • CVE-2023-39198Nov 9, 2023
    affected < 12-2.2fixed 12-2.2

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the ret

  • CVE-2023-4921Sep 12, 2023
    affected < 12-2.2fixed 12-2.2

    A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec

  • CVE-2023-4622Sep 6, 2023
    affected < 10-2.2fixed 10-2.2

    A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where uni

  • CVE-2023-3567Jul 24, 2023
    affected < 7-2.2fixed 7-2.2

    A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.

  • CVE-2023-35001Jul 5, 2023
    affected < 7-2.2fixed 7-2.2

    Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace

  • CVE-2023-3090Jun 28, 2023
    affected < 7-2.2fixed 7-2.2

    A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_

  • CVE-2023-3159Jun 12, 2023
    affected < 6-2.3fixed 6-2.3

    A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.

  • CVE-2023-2002May 26, 2023
    affected < 6-2.3fixed 6-2.3

    A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil

  • CVE-2023-31436Apr 28, 2023
    affected < 5-2.2fixed 5-2.2

    qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

  • CVE-2023-2176Apr 20, 2023
    affected < 7-2.2fixed 7-2.2

    A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.

  • CVE-2023-2162Apr 19, 2023
    affected < 4-2.2fixed 4-2.2

    A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.

  • CVE-2023-1989Apr 11, 2023
    affected < 4-2.2fixed 4-2.2

    A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

  • CVE-2023-28464Mar 31, 2023
    affected < 4-2.2fixed 4-2.2

    hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

  • CVE-2023-1077Mar 27, 2023
    affected < 7-2.2fixed 7-2.2

    In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a

  • CVE-2023-1281Mar 22, 2023
    affected < 4-2.2fixed 4-2.2

    Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A l

  • CVE-2023-1390Mar 16, 2023
    affected < 5-2.2fixed 5-2.2

    A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in

  • CVE-2023-28466Mar 15, 2023
    affected < 5-2.2fixed 5-2.2

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2023-26545Feb 25, 2023
    affected < 2-2.3fixed 2-2.3

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0266KEVJan 30, 2023
    affected < 2-2.3fixed 2-2.3

    A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgradin

Page 1 of 2