VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_70&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_70&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (150)

  • CVE-2023-52500Mar 2, 2024
    affected < 1-8.5.1fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response.

  • CVE-2024-26586Feb 22, 2024
    affected < 1-8.5.1fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,

  • CVE-2022-2586KEVJan 8, 2024
    affected < 1-8.5.1fixed 1-8.5.1

    It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.

  • CVE-2023-3111Jun 5, 2023
    affected < 1-8.5.1fixed 1-8.5.1

    A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().

  • CVE-2023-1989Apr 11, 2023
    affected < 1-8.5.1fixed 1-8.5.1

    A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.

  • CVE-2022-4095Mar 22, 2023
    affected < 1-8.5.1fixed 1-8.5.1

    A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.

  • CVE-2022-4662Dec 22, 2022
    affected < 1-8.5.1fixed 1-8.5.1

    A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

  • CVE-2022-3903Nov 14, 2022
    affected < 1-8.5.1fixed 1-8.5.1

    An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the syst

  • CVE-2022-1679May 16, 2022
    affected < 1-8.5.1fixed 1-8.5.1

    A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

  • CVE-2021-43527Dec 8, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.

Page 8 of 8