kernel-livepatch-SLE15-SP2_Update_50 (SUSE:Linux Enterprise Live Patching 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 15 SP2 package kernel-livepatch-SLE15-SP2_Update_50, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (43)
CVE-2024-38541 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In…
CVE-2022-0435 — CVSS 8.8 (high): A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content…
CVE-2021-47368 — CVSS 8.1 (high): In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint…
CVE-2021-47311 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and…
CVE-2021-47328 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a…
CVE-2024-35789 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When…
CVE-2021-4439 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The…
CVE-2021-47247 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler…
CVE-2024-36904 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson…
CVE-2024-35864 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip…
CVE-2024-35862 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip…
CVE-2024-35861 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()…
CVE-2021-47372 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod plat_dev->dev->platform_data is…
CVE-2021-47379 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd…
CVE-2021-47571 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The…
CVE-2024-38545 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not…
CVE-2021-47598 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not…
CVE-2021-47600 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move…
CVE-2022-22942 — CVSS 7.8 (high): The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by…
CVE-2022-2938 — CVSS 7.8 (high): A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could…
CVE-2022-48771 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing…
CVE-2024-36940 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev"…
CVE-2023-52707 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root…
CVE-2023-52752 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip…
CVE-2021-47291 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While…
CVE-2024-38560 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we…
CVE-2024-41059 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN…
CVE-2022-48760 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The…
CVE-2023-24023 — CVSS 6.8 (medium): Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow…
CVE-2024-36894 — CVSS 5.6 (medium): In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request…
CVE-2024-26921 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out()…
CVE-2024-35950 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The…
CVE-2024-43861 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused…
CVE-2023-52881 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a…
CVE-2024-36964 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain…
CVE-2022-48711 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function…
CVE-2021-47583 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that…
CVE-2021-43389 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in…
CVE-2020-10135 — CVSS 5.4 (medium): Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an…
CVE-2024-35878 — CVSS 5.3 (medium): In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf() In…
CVE-2024-26923 — CVSS 4.7 (medium): In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage…
CVE-2024-38559 — CVSS 4.4 (medium): In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we…
CVE-2021-3896: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of…