kernel-livepatch-SLE15-SP4-RT_Update_3 (SUSE:Linux Enterprise Live Patching 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 15 SP4 package kernel-livepatch-SLE15-SP4-RT_Update_3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2023-28464 — CVSS 7.8 (high): hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush)…
CVE-2023-0179 — CVSS 7.8 (high): A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack…
CVE-2023-0461 — CVSS 7.8 (high): There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the…
CVE-2023-31436 — CVSS 7.8 (high): qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed…
CVE-2023-1118 — CVSS 7.8 (high): A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A…
CVE-2023-1281 — CVSS 7.8 (high): Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area…
CVE-2023-0122 — CVSS 7.5 (high): A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a…
CVE-2023-1652 — CVSS 7.1 (high): A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could…
CVE-2023-28466 — CVSS 7.0 (high): do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a…
CVE-2023-1989 — CVSS 7.0 (high): A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove…
CVE-2022-4382 — CVSS 6.4 (medium): A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by…
CVE-2022-36280 — CVSS 6.3 (medium): An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the…
CVE-2022-47929 — CVSS 5.5 (medium): In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a…
CVE-2023-23454 — CVSS 5.5 (medium): cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds…
CVE-2023-23455 — CVSS 5.5 (medium): atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type…
CVE-2023-2162 — CVSS 5.5 (medium): A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux…
CVE-2023-0590 — CVSS 4.7 (medium): A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a…
CVE-2023-0045 — CVSS 4.7 (medium): The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates…
CVE-2020-24588 — CVSS 3.5 (low): The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the…