VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_41&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_41&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (13)

  • CVE-2023-51780HigJan 11, 2024
    affected < 10-2.1fixed 10-2.1

    An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

  • CVE-2023-6932HigDec 19, 2023
    affected < 9-2.1fixed 9-2.1

    A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recomme

  • CVE-2023-39198HigNov 9, 2023
    affected < 10-2.1fixed 10-2.1

    A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the ret

  • CVE-2023-4921HigSep 12, 2023
    affected < 10-2.1fixed 10-2.1

    A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrec

  • CVE-2023-31436HigApr 28, 2023
    affected < 3-2.1fixed 3-2.1

    qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

  • CVE-2023-1390HigMar 16, 2023
    affected < 3-2.1fixed 3-2.1

    A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in

  • CVE-2023-28466HigMar 16, 2023
    affected < 3-2.1fixed 3-2.1

    do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

  • CVE-2023-1118HigMar 2, 2023
    affected < 1-8.3.1fixed 1-8.3.1

    A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

  • CVE-2023-26545MedFeb 25, 2023
    affected < 1-8.3.1fixed 1-8.3.1

    In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

  • CVE-2023-0597MedFeb 23, 2023
    affected < 1-8.3.1fixed 1-8.3.1

    A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected l

  • CVE-2023-23559HigJan 13, 2023
    affected < 1-8.3.1fixed 1-8.3.1

    In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

  • CVE-2022-4129MedNov 28, 2022
    affected < 1-8.3.1fixed 1-8.3.1

    A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

  • CVE-2022-38096MedSep 9, 2022
    affected < 1-8.3.1fixed 1-8.3.1

    A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, cau