kernel-livepatch-SLE15-SP2_Update_40 (SUSE:Linux Enterprise Live Patching 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 15 SP2 package kernel-livepatch-SLE15-SP2_Update_40, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (22)
CVE-2023-1829 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege…
CVE-2023-2007 — CVSS 7.8 (high): The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations…
CVE-2023-4623 — CVSS 7.8 (high): A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve…
CVE-2023-52340 — CVSS 7.5 (high): The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading…
CVE-2021-47383 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: tty: Fix out-of-bound vmalloc access in imageblit This issue happens…
CVE-2023-4387 — CVSS 7.1 (high): A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in…
CVE-2023-42753 — CVSS 7.0 (high): An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of…
CVE-2024-0565 — CVSS 6.8 (medium): An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the…
CVE-2023-21400 — CVSS 6.7 (medium): In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local…
CVE-2024-26828 — CVSS 6.7 (medium): In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step…
CVE-2023-3863 — CVSS 6.4 (medium): A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user…
CVE-2022-36402 — CVSS 6.3 (medium): An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with…
CVE-2023-4273 — CVSS 6.0 (medium): A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction…
CVE-2023-20588 — CVSS 5.5 (medium): A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-4134 — CVSS 5.5 (medium): A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine…
CVE-2023-4459 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in…
CVE-2023-4132 — CVSS 5.5 (medium): A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when…
CVE-2023-4385 — CVSS 5.5 (medium): A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This…
CVE-2023-3772 — CVSS 5.5 (medium): A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with…
CVE-2024-26923 — CVSS 4.7 (medium): In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage…
CVE-2024-23307 — CVSS 4.4 (medium): Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced…
CVE-2023-4128: Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a…