rpm package
suse/kgraft-patch-SLE12-SP5_Update_45&distro=SUSE Linux Enterprise Live Patching 12 SP5
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_45&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
Vulnerabilities (18)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35950 | Med | 5.5 | < 15-2.1 | 15-2.1 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo | |
| CVE-2024-27398 | — | < 15-2.1 | 15-2.1 | May 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection | ||
| CVE-2023-4623 | — | < 4-2.2 | 4-2.2 | Sep 6, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv | ||
| CVE-2023-3567 | — | < 2-2.1 | 2-2.1 | Jul 24, 2023 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | ||
| CVE-2023-35001 | — | < 2-2.1 | 2-2.1 | Jul 5, 2023 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | ||
| CVE-2023-3090 | — | < 1-8.3.1 | 1-8.3.1 | Jun 28, 2023 | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_ | ||
| CVE-2023-3358 | — | < 1-8.3.1 | 1-8.3.1 | Jun 28, 2023 | A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. | ||
| CVE-2023-35824 | — | < 1-8.3.1 | 1-8.3.1 | Jun 18, 2023 | An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. | ||
| CVE-2023-3268 | — | < 1-8.3.1 | 1-8.3.1 | Jun 16, 2023 | An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. | ||
| CVE-2023-3161 | — | < 1-8.3.1 | 1-8.3.1 | Jun 12, 2023 | A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. | ||
| CVE-2023-3159 | — | < 1-8.3.1 | 1-8.3.1 | Jun 12, 2023 | A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. | ||
| CVE-2023-3141 | — | < 1-8.3.1 | 1-8.3.1 | Jun 9, 2023 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | ||
| CVE-2023-3111 | — | < 1-8.3.1 | 1-8.3.1 | Jun 5, 2023 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | ||
| CVE-2023-2002 | — | < 1-8.3.1 | 1-8.3.1 | May 26, 2023 | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil | ||
| CVE-2023-1637 | — | < 1-8.3.1 | 1-8.3.1 | Mar 27, 2023 | A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut | ||
| CVE-2023-1079 | — | < 1-8.3.1 | 1-8.3.1 | Mar 27, 2023 | A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct | ||
| CVE-2023-1077 | — | < 1-8.3.1 | 1-8.3.1 | Mar 27, 2023 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a | ||
| CVE-2023-1249 | — | < 1-8.3.1 | 1-8.3.1 | Mar 23, 2023 | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. |
- affected < 15-2.1fixed 15-2.1
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo
- CVE-2024-27398May 13, 2024affected < 15-2.1fixed 15-2.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection
- CVE-2023-4623Sep 6, 2023affected < 4-2.2fixed 4-2.2
A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curv
- CVE-2023-3567Jul 24, 2023affected < 2-2.1fixed 2-2.1
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.
- CVE-2023-35001Jul 5, 2023affected < 2-2.1fixed 2-2.1
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-3090Jun 28, 2023affected < 1-8.3.1fixed 1-8.3.1
A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_
- CVE-2023-3358Jun 28, 2023affected < 1-8.3.1fixed 1-8.3.1
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
- CVE-2023-35824Jun 18, 2023affected < 1-8.3.1fixed 1-8.3.1
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
- CVE-2023-3268Jun 16, 2023affected < 1-8.3.1fixed 1-8.3.1
An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.
- CVE-2023-3161Jun 12, 2023affected < 1-8.3.1fixed 1-8.3.1
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.
- CVE-2023-3159Jun 12, 2023affected < 1-8.3.1fixed 1-8.3.1
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
- CVE-2023-3141Jun 9, 2023affected < 1-8.3.1fixed 1-8.3.1
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-3111Jun 5, 2023affected < 1-8.3.1fixed 1-8.3.1
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-2002May 26, 2023affected < 1-8.3.1fixed 1-8.3.1
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availabil
- CVE-2023-1637Mar 27, 2023affected < 1-8.3.1fixed 1-8.3.1
A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unaut
- CVE-2023-1079Mar 27, 2023affected < 1-8.3.1fixed 1-8.3.1
A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct
- CVE-2023-1077Mar 27, 2023affected < 1-8.3.1fixed 1-8.3.1
In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a
- CVE-2023-1249Mar 23, 2023affected < 1-8.3.1fixed 1-8.3.1
A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected.