kgraft-patch-SLE12-SP5_Update_49 (SUSE:Linux Enterprise Live Patching 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 12 SP5 package kgraft-patch-SLE12-SP5_Update_49, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (31)
CVE-2021-47378 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We…
CVE-2024-35867 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_show() Skip sessions…
CVE-2023-1281 — CVSS 7.8 (high): Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area…
CVE-2023-1829 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege…
CVE-2023-4622 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The…
CVE-2023-4623 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve…
CVE-2023-4921 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation…
CVE-2023-52752 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip…
CVE-2023-6932 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race…
CVE-2024-26852 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found…
CVE-2024-26930 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan…
CVE-2024-35862 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip…
CVE-2024-35863 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions…
CVE-2024-35864 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip…
CVE-2023-39198 — CVSS 7.5 (high): A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the…
CVE-2021-47383 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens…
CVE-2021-46955 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running…
CVE-2023-51780 — CVSS 7.0 (high): An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg…
CVE-2023-39192 — CVSS 6.7 (medium): A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure…
CVE-2024-26828 — CVSS 6.7 (medium): In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step…
CVE-2023-1192 — CVSS 6.5 (medium): A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system…
CVE-2023-39193 — CVSS 6.1 (medium): A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows…
CVE-2023-1206 — CVSS 5.7 (medium): A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind…
CVE-2023-42754 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a…
CVE-2023-0394 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel…
CVE-2024-26923 — CVSS 4.7 (medium): In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage…
CVE-2023-1859 — CVSS 4.7 (medium): A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw…
CVE-2024-23307 — CVSS 4.4 (medium): Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced…
CVE-2020-36766 — CVSS 3.3 (low): An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific…
CVE-2023-39194 — CVSS 3.2 (low): A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can…
CVE-2023-4881: Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.