Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-4159 (GCVE-0-2021-4159)
Vulnerability from cvelistv5
Published
2022-08-24 15:10
Modified
2024-08-03 17:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-202 - - Exposure of Sensitive Information Through Data Queries
Summary
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v5.7-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-202",
"description": "CWE-202 - Exposure of Sensitive Information Through Data Queries",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-02T18:06:18",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4159",
"datePublished": "2022-08-24T15:10:57",
"dateReserved": "2021-12-23T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-4159\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-24T16:15:09.713\",\"lastModified\":\"2024-11-21T06:37:02.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en el verificador EBPF del kernel de Linux cuando son manejadas estructuras de datos internas. Las ubicaciones de memoria interna pod\u00edan ser devueltas al espacio de usuario. Un atacante local con permisos para insertar c\u00f3digo eBPF en el kernel puede usar esto para filtrar detalles de la memoria interna del kernel derrotando algunas de las mitigaciones de explotaci\u00f3n en el lugar para el kernel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-202\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7\",\"matchCriteriaId\":\"C3821E00-CCBB-4CD4-AD2C-D47DFF2F5A34\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2021-4159\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2036024\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2021-4159\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2021-4159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2036024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2021-4159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
suse-su-2022:0363-1
Vulnerability from csaf_suse
Published
2022-02-10 16:01
Modified
2022-02-10 16:01
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
The following security references were added to already fixed issues:
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
Patchnames
SUSE-2022-363,SUSE-SLE-Module-Public-Cloud-15-SP3-2022-363
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).\n- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).\n- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).\n- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).\n- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).\n- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).\n- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).\n- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).\n- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).\n- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).\n- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).\n\n\nThe following security references were added to already fixed issues:\n\n- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).\n\n\nThe following non-security bugs were fixed:\n\n- ACPI: battery: Add the ThinkPad \u0027Not Charging\u0027 quirk (git-fixes).\n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).\n- ACPICA: Fix wrong interpretation of PCC address (git-fixes).\n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).\n- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).\n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).\n- ALSA: seq: Set upper limit of processed events (git-fixes).\n- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).\n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).\n- Documentation: fix firewire.rst ABI file path error (git-fixes).\n- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).\n- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).\n- HID: uhid: Fix worker destroying device without any protection (git-fixes).\n- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).\n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).\n- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).\n- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).\n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).\n- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).\n- asix: fix wrong return value in asix_check_host_enable() (git-fixes).\n- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).\n- ath10k: Fix tx hanging (git-fixes).\n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).\n- batman-adv: allow netlink usage in unprivileged containers (git-fixes).\n- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).\n- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).\n- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).\n- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).\n- clk: si5341: Fix clock HW provider cleanup (git-fixes).\n- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).\n- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).\n- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).\n- drm/etnaviv: limit submit sizes (git-fixes).\n- drm/etnaviv: relax submit size limits (git-fixes).\n- drm/lima: fix warning when CONFIG_DEBUG_SG=y \u0026 CONFIG_DMA_API_DEBUG=y (git-fixes).\n- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).\n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).\n- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).\n- drm/msm: Fix wrong size calculation (git-fixes).\n- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).\n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).\n- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).\n- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).\n- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).\n- floppy: Add max size check for user space request (git-fixes).\n- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).\n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).\n- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).\n- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).\n- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).\n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).\n- i2c: i801: Do not silently correct invalid transfer size (git-fixes).\n- i2c: mpc: Correct I2C reset procedure (git-fixes).\n- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).\n- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).\n- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).\n- ibmvnic: init -\u003erunning_cap_crqs early (bsc#1195073 ltc#195713).\n- ibmvnic: remove unused -\u003ewait_capability (bsc#1195073 ltc#195713).\n- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).\n- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).\n- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).\n- iwlwifi: mvm: Fix calculation of frame length (git-fixes).\n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).\n- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).\n- iwlwifi: remove module loading failure message (git-fixes).\n- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).\n- lightnvm: Remove lightnvm implemenation (bsc#1191881).\n- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).\n- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).\n- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).\n- media: igorplugusb: receiver overflow should be reported (git-fixes).\n- media: m920x: do not use stack on USB reads (git-fixes).\n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).\n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).\n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).\n- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).\n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).\n- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).\n- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).\n- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).\n- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).\n- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).\n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).\n- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).\n- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).\n- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).\n- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).\n- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).\n- net: bridge: vlan: fix single net device option dumping (bsc#1176447).\n- net: mana: Add RX fencing (bsc#1193506).\n- net: mana: Add XDP support (bsc#1193506).\n- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).\n- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).\n- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).\n- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).\n- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).\n- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).\n- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).\n- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).\n- netdevsim: set .owner to THIS_MODULE (bsc#1154353).\n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).\n- nvme: add \u0027iopolicy\u0027 module parameter (bsc#1177599 bsc#1193096).\n- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).\n- phylib: fix potential use-after-free (git-fixes).\n- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).\n- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).\n- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).\n- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).\n- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).\n- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).\n- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).\n- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).\n- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).\n- serial: Fix incorrect rs485 polarity on uart open (git-fixes).\n- serial: amba-pl011: do not request memory region twice (git-fixes).\n- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).\n- serial: pl010: Drop CR register reset on set_termios (git-fixes).\n- serial: stm32: fix software flow control transfer (git-fixes).\n- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)\n- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).\n- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).\n- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).\n- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).\n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).\n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).\n- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).\n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).\n- usb: uhci: add aspeed ast2600 uhci support (git-fixes).\n- vfio/iommu_type1: replace kfree with kvfree (git-fixes).\n- video: hyperv_fb: Fix validation of screen resolution (git-fixes).\n- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).\n- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).\n- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).\n- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-363,SUSE-SLE-Module-Public-Cloud-15-SP3-2022-363",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0363-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:0363-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220363-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:0363-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2022-February/021670.html"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1154488",
"url": "https://bugzilla.suse.com/1154488"
},
{
"category": "self",
"summary": "SUSE Bug 1160634",
"url": "https://bugzilla.suse.com/1160634"
},
{
"category": "self",
"summary": "SUSE Bug 1176447",
"url": "https://bugzilla.suse.com/1176447"
},
{
"category": "self",
"summary": "SUSE Bug 1177599",
"url": "https://bugzilla.suse.com/1177599"
},
{
"category": "self",
"summary": "SUSE Bug 1183405",
"url": "https://bugzilla.suse.com/1183405"
},
{
"category": "self",
"summary": "SUSE Bug 1185377",
"url": "https://bugzilla.suse.com/1185377"
},
{
"category": "self",
"summary": "SUSE Bug 1187428",
"url": "https://bugzilla.suse.com/1187428"
},
{
"category": "self",
"summary": "SUSE Bug 1187723",
"url": "https://bugzilla.suse.com/1187723"
},
{
"category": "self",
"summary": "SUSE Bug 1188605",
"url": "https://bugzilla.suse.com/1188605"
},
{
"category": "self",
"summary": "SUSE Bug 1191881",
"url": "https://bugzilla.suse.com/1191881"
},
{
"category": "self",
"summary": "SUSE Bug 1193096",
"url": "https://bugzilla.suse.com/1193096"
},
{
"category": "self",
"summary": "SUSE Bug 1193506",
"url": "https://bugzilla.suse.com/1193506"
},
{
"category": "self",
"summary": "SUSE Bug 1193767",
"url": "https://bugzilla.suse.com/1193767"
},
{
"category": "self",
"summary": "SUSE Bug 1193802",
"url": "https://bugzilla.suse.com/1193802"
},
{
"category": "self",
"summary": "SUSE Bug 1193861",
"url": "https://bugzilla.suse.com/1193861"
},
{
"category": "self",
"summary": "SUSE Bug 1193864",
"url": "https://bugzilla.suse.com/1193864"
},
{
"category": "self",
"summary": "SUSE Bug 1193867",
"url": "https://bugzilla.suse.com/1193867"
},
{
"category": "self",
"summary": "SUSE Bug 1194048",
"url": "https://bugzilla.suse.com/1194048"
},
{
"category": "self",
"summary": "SUSE Bug 1194227",
"url": "https://bugzilla.suse.com/1194227"
},
{
"category": "self",
"summary": "SUSE Bug 1194291",
"url": "https://bugzilla.suse.com/1194291"
},
{
"category": "self",
"summary": "SUSE Bug 1194880",
"url": "https://bugzilla.suse.com/1194880"
},
{
"category": "self",
"summary": "SUSE Bug 1195009",
"url": "https://bugzilla.suse.com/1195009"
},
{
"category": "self",
"summary": "SUSE Bug 1195062",
"url": "https://bugzilla.suse.com/1195062"
},
{
"category": "self",
"summary": "SUSE Bug 1195065",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "self",
"summary": "SUSE Bug 1195073",
"url": "https://bugzilla.suse.com/1195073"
},
{
"category": "self",
"summary": "SUSE Bug 1195183",
"url": "https://bugzilla.suse.com/1195183"
},
{
"category": "self",
"summary": "SUSE Bug 1195184",
"url": "https://bugzilla.suse.com/1195184"
},
{
"category": "self",
"summary": "SUSE Bug 1195254",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "self",
"summary": "SUSE Bug 1195267",
"url": "https://bugzilla.suse.com/1195267"
},
{
"category": "self",
"summary": "SUSE Bug 1195293",
"url": "https://bugzilla.suse.com/1195293"
},
{
"category": "self",
"summary": "SUSE Bug 1195371",
"url": "https://bugzilla.suse.com/1195371"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28097 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22600 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39648 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39657 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4159 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44733 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45095 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0286 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0330 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0435 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22942 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22942/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-02-10T16:01:35Z",
"generator": {
"date": "2022-02-10T16:01:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:0363-1",
"initial_release_date": "2022-02-10T16:01:35Z",
"revision_history": [
{
"date": "2022-02-10T16:01:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"product": {
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"product_id": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"product": {
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"product_id": "kernel-source-azure-5.3.18-150300.38.40.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"product_id": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch"
},
"product_reference": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch"
},
"product_reference": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28097"
}
],
"notes": [
{
"category": "general",
"text": "The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28097",
"url": "https://www.suse.com/security/cve/CVE-2020-28097"
},
{
"category": "external",
"summary": "SUSE Bug 1187723 for CVE-2020-28097",
"url": "https://bugzilla.suse.com/1187723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2020-28097"
},
{
"cve": "CVE-2021-22600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22600"
}
],
"notes": [
{
"category": "general",
"text": "A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22600",
"url": "https://www.suse.com/security/cve/CVE-2021-22600"
},
{
"category": "external",
"summary": "SUSE Bug 1195184 for CVE-2021-22600",
"url": "https://bugzilla.suse.com/1195184"
},
{
"category": "external",
"summary": "SUSE Bug 1195307 for CVE-2021-22600",
"url": "https://bugzilla.suse.com/1195307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "important"
}
],
"title": "CVE-2021-22600"
},
{
"cve": "CVE-2021-39648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39648"
}
],
"notes": [
{
"category": "general",
"text": "In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39648",
"url": "https://www.suse.com/security/cve/CVE-2021-39648"
},
{
"category": "external",
"summary": "SUSE Bug 1193861 for CVE-2021-39648",
"url": "https://bugzilla.suse.com/1193861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2021-39648"
},
{
"cve": "CVE-2021-39657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39657"
}
],
"notes": [
{
"category": "general",
"text": "In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39657",
"url": "https://www.suse.com/security/cve/CVE-2021-39657"
},
{
"category": "external",
"summary": "SUSE Bug 1193864 for CVE-2021-39657",
"url": "https://bugzilla.suse.com/1193864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "low"
}
],
"title": "CVE-2021-39657"
},
{
"cve": "CVE-2021-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39685"
}
],
"notes": [
{
"category": "general",
"text": "In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39685",
"url": "https://www.suse.com/security/cve/CVE-2021-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1193802 for CVE-2021-39685",
"url": "https://bugzilla.suse.com/1193802"
},
{
"category": "external",
"summary": "SUSE Bug 1194459 for CVE-2021-39685",
"url": "https://bugzilla.suse.com/1194459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "important"
}
],
"title": "CVE-2021-39685"
},
{
"cve": "CVE-2021-4159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4159"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4159",
"url": "https://www.suse.com/security/cve/CVE-2021-4159"
},
{
"category": "external",
"summary": "SUSE Bug 1194227 for CVE-2021-4159",
"url": "https://bugzilla.suse.com/1194227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2021-4159"
},
{
"cve": "CVE-2021-44733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44733"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44733",
"url": "https://www.suse.com/security/cve/CVE-2021-44733"
},
{
"category": "external",
"summary": "SUSE Bug 1193767 for CVE-2021-44733",
"url": "https://bugzilla.suse.com/1193767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2021-44733"
},
{
"cve": "CVE-2021-45095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45095"
}
],
"notes": [
{
"category": "general",
"text": "pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45095",
"url": "https://www.suse.com/security/cve/CVE-2021-45095"
},
{
"category": "external",
"summary": "SUSE Bug 1193867 for CVE-2021-45095",
"url": "https://bugzilla.suse.com/1193867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2021-45095"
},
{
"cve": "CVE-2022-0286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0286"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0286",
"url": "https://www.suse.com/security/cve/CVE-2022-0286"
},
{
"category": "external",
"summary": "SUSE Bug 1195371 for CVE-2022-0286",
"url": "https://bugzilla.suse.com/1195371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2022-0286"
},
{
"cve": "CVE-2022-0330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0330"
}
],
"notes": [
{
"category": "general",
"text": "A random memory access flaw was found in the Linux kernel\u0027s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0330",
"url": "https://www.suse.com/security/cve/CVE-2022-0330"
},
{
"category": "external",
"summary": "SUSE Bug 1194880 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1194880"
},
{
"category": "external",
"summary": "SUSE Bug 1195950 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1195950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2022-0330"
},
{
"cve": "CVE-2022-0435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0435"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow flaw was found in the Linux kernel\u0027s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0435",
"url": "https://www.suse.com/security/cve/CVE-2022-0435"
},
{
"category": "external",
"summary": "SUSE Bug 1195254 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "external",
"summary": "SUSE Bug 1195308 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1195308"
},
{
"category": "external",
"summary": "SUSE Bug 1226672 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1226672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "important"
}
],
"title": "CVE-2022-0435"
},
{
"cve": "CVE-2022-22942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22942"
}
],
"notes": [
{
"category": "general",
"text": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22942",
"url": "https://www.suse.com/security/cve/CVE-2022-22942"
},
{
"category": "external",
"summary": "SUSE Bug 1195065 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "external",
"summary": "SUSE Bug 1195951 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2022-22942"
}
]
}
CERTFR-2022-AVI-919
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2022-33744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33744"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
}
],
"initial_release_date": "2022-10-14T00:00:00",
"last_revision_date": "2022-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-919",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5678-1 du 13 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5678-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5679-1 du 13 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5679-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5677-1 du 13 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5677-1"
}
]
}
CERTFR-2022-AVI-141
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-BCL | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Storage 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | N/A | SUSE CaaS Platform 4.0 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Storage 6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP1 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.0 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Enterprise Storage 7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15-SP2 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP2 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP2-LTSS | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.1 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE Enterprise Storage 6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 15-SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE CaaS Platform 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.0",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.0",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.0",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP1",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP1",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
},
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2021-39657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39657"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-45095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2020-35519",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35519"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-22600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2020-28097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28097"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2019-0136",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0136"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2021-39648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
}
],
"initial_release_date": "2022-02-11T00:00:00",
"last_revision_date": "2022-02-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-141",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220362-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220362-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220363-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220363-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220364-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220364-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220365-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220365-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220367-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220367-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20220366-1 du 10 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220366-1/"
}
]
}
CERTFR-2022-AVI-144
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4202"
},
{
"name": "CVE-2021-39657",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39657"
},
{
"name": "CVE-2019-15126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15126"
},
{
"name": "CVE-2018-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25020"
},
{
"name": "CVE-2021-45095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45095"
},
{
"name": "CVE-2021-28711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28711"
},
{
"name": "CVE-2021-43975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
},
{
"name": "CVE-2021-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4135"
},
{
"name": "CVE-2021-28713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28713"
},
{
"name": "CVE-2022-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
},
{
"name": "CVE-2021-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-45486",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2021-44733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
},
{
"name": "CVE-2021-28712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28712"
},
{
"name": "CVE-2021-33098",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33098"
},
{
"name": "CVE-2020-27820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27820"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0322"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-43976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43976"
},
{
"name": "CVE-2021-22600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22600"
},
{
"name": "CVE-2021-0935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0935"
},
{
"name": "CVE-2021-39685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39685"
},
{
"name": "CVE-2022-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0435"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-4149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4149"
},
{
"name": "CVE-2021-28714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28714"
},
{
"name": "CVE-2020-28097",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28097"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2021-28715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28715"
},
{
"name": "CVE-2021-39648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39648"
},
{
"name": "CVE-2021-4197",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
}
],
"initial_release_date": "2022-02-14T00:00:00",
"last_revision_date": "2022-02-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-144",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220371-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220371-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220370-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220370-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE 20220372-1 du 11 f\u00e9vrier 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20220372-1/"
}
]
}
CERTFR-2022-AVI-895
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0812"
},
{
"name": "CVE-2022-33744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33744"
},
{
"name": "CVE-2022-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
},
{
"name": "CVE-2022-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
}
],
"initial_release_date": "2022-10-11T00:00:00",
"last_revision_date": "2022-10-11T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-895",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5669-1 du 10 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5669-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5667-1 du 10 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5667-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5668-1 du 10 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5668-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5669-2 du 10 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5669-2"
}
]
}
CERTFR-2023-AVI-0027
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer un déni de service à distance, une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 22.10",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3977",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3977"
},
{
"name": "CVE-2022-45934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45934"
},
{
"name": "CVE-2022-3910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3910"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2022-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2022-41849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
},
{
"name": "CVE-2022-3544",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3544"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
},
{
"name": "CVE-2022-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3541"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-3649",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
},
{
"name": "CVE-2022-41850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
},
{
"name": "CVE-2022-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-0171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0171"
},
{
"name": "CVE-2022-3303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2022-3543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3543"
},
{
"name": "CVE-2022-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3061"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2022-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
}
],
"initial_release_date": "2023-01-13T00:00:00",
"last_revision_date": "2023-01-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 09 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5791-2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 06 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5794-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 06 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5792-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 12 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5802-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 10 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5793-3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 10 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5791-3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 11 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5799-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 06 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5791-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 09 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5792-2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 06 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5793-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 09 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5793-2"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 06 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5790-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 13 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5803-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 10 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5793-4"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu du 13 janvier 2023",
"url": "https://ubuntu.com/security/notices/USN-5804-1"
}
],
"reference": "CERTFR-2023-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5793-4 du 10 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5793-1 du 06 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5791-2 du 09 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5791-1 du 06 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5792-2 du 09 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5791-3 du 10 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5804-1 du 13 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5790-1 du 06 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5794-1 du 06 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5792-1 du 06 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5802-1 du 12 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5793-3 du 10 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5803-1 du 13 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5799-1 du 11 janvier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5793-2 du 09 janvier 2023",
"url": null
}
]
}
CERTFR-2025-AVI-0529
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Manager Proxy 4.2 | ||
| SUSE | N/A | SUSE Linux Micro Extras 6.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP6 | ||
| SUSE | N/A | Public Cloud Module 15-SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP7 | ||
| SUSE | N/A | Basesystem Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 | ||
| SUSE | N/A | SUSE Linux Micro 6.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP7 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | N/A | SUSE Linux Micro 6.0 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | N/A | Legacy Module 15-SP7 | ||
| SUSE | N/A | Public Cloud Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Desktop 15 SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP3 | ||
| SUSE | N/A | openSUSE Leap 15.4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP7 | ||
| SUSE | N/A | openSUSE Leap 15.5 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 Business Critical Linux | ||
| SUSE | N/A | Legacy Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Live Patching 15-SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | N/A | openSUSE Leap 15.6 | ||
| SUSE | N/A | SUSE Enterprise Storage 7.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | N/A | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | N/A | Development Tools Module 15-SP7 | ||
| SUSE | N/A | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise High Performance Computing 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP3 LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | N/A | openSUSE Leap 15.3 | ||
| SUSE | N/A | Basesystem Module 15-SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability Extension 15 SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | N/A | Development Tools Module 15-SP6 | ||
| SUSE | N/A | SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security | ||
| SUSE | N/A | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | N/A | SUSE Real Time Module 15-SP7 | ||
| SUSE | N/A | SUSE Linux Enterprise Micro 5.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Public Cloud Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 Business Critical Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Legacy Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP3 LTSS",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Basesystem Module 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "Development Tools Module 15-SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP7",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-3743",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3743"
},
{
"name": "CVE-2021-20320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20320"
},
{
"name": "CVE-2022-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2023-1074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
},
{
"name": "CVE-2023-28866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28866"
},
{
"name": "CVE-2023-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
},
{
"name": "CVE-2023-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
},
{
"name": "CVE-2023-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6531"
},
{
"name": "CVE-2023-0160",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
},
{
"name": "CVE-2023-47233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47233"
},
{
"name": "CVE-2023-52591",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
},
{
"name": "CVE-2021-47100",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47100"
},
{
"name": "CVE-2023-52508",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52508"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2021-47170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47170"
},
{
"name": "CVE-2024-27018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27018"
},
{
"name": "CVE-2022-48704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48704"
},
{
"name": "CVE-2021-47220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47220"
},
{
"name": "CVE-2021-47229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47229"
},
{
"name": "CVE-2021-47231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47231"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2021-47239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47239"
},
{
"name": "CVE-2021-47240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47240"
},
{
"name": "CVE-2021-47246",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47246"
},
{
"name": "CVE-2021-47252",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47252"
},
{
"name": "CVE-2021-47255",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47255"
},
{
"name": "CVE-2021-47260",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47260"
},
{
"name": "CVE-2021-47288",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47288"
},
{
"name": "CVE-2021-47296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47296"
},
{
"name": "CVE-2021-47314",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47314"
},
{
"name": "CVE-2021-47315",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47315"
},
{
"name": "CVE-2021-47485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47485"
},
{
"name": "CVE-2021-47500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47500"
},
{
"name": "CVE-2021-47511",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47511"
},
{
"name": "CVE-2023-52654",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52654"
},
{
"name": "CVE-2023-52868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52868"
},
{
"name": "CVE-2024-35811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35811"
},
{
"name": "CVE-2024-35895",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35895"
},
{
"name": "CVE-2024-35914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35914"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-35910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35910"
},
{
"name": "CVE-2024-27415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27415"
},
{
"name": "CVE-2024-27010",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27010"
},
{
"name": "CVE-2024-41005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41005"
},
{
"name": "CVE-2024-38606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38606"
},
{
"name": "CVE-2022-48875",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48875"
},
{
"name": "CVE-2024-45021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45021"
},
{
"name": "CVE-2024-46713",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46713"
},
{
"name": "CVE-2024-46752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46752"
},
{
"name": "CVE-2024-46763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46763"
},
{
"name": "CVE-2024-46782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46782"
},
{
"name": "CVE-2024-46814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46814"
},
{
"name": "CVE-2024-46865",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46865"
},
{
"name": "CVE-2024-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46751"
},
{
"name": "CVE-2023-52888",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52888"
},
{
"name": "CVE-2024-43869",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43869"
},
{
"name": "CVE-2024-50126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50126"
},
{
"name": "CVE-2024-50290",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50290"
},
{
"name": "CVE-2024-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53057"
},
{
"name": "CVE-2024-53063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53063"
},
{
"name": "CVE-2024-43820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43820"
},
{
"name": "CVE-2024-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49924"
},
{
"name": "CVE-2024-50038",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50038"
},
{
"name": "CVE-2024-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50083"
},
{
"name": "CVE-2024-50162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50162"
},
{
"name": "CVE-2024-50163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50163"
},
{
"name": "CVE-2024-53135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53135"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50106"
},
{
"name": "CVE-2024-53168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53168"
},
{
"name": "CVE-2024-56558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56558"
},
{
"name": "CVE-2024-56641",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
},
{
"name": "CVE-2024-56705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56705"
},
{
"name": "CVE-2024-56779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56779"
},
{
"name": "CVE-2024-49994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49994"
},
{
"name": "CVE-2024-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53124"
},
{
"name": "CVE-2024-56703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56703"
},
{
"name": "CVE-2025-21648",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21648"
},
{
"name": "CVE-2025-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21680"
},
{
"name": "CVE-2025-21683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21683"
},
{
"name": "CVE-2024-56633",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56633"
},
{
"name": "CVE-2024-50056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50056"
},
{
"name": "CVE-2024-50140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50140"
},
{
"name": "CVE-2024-50223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50223"
},
{
"name": "CVE-2024-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53139"
},
{
"name": "CVE-2024-53163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53163"
},
{
"name": "CVE-2024-56702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56702"
},
{
"name": "CVE-2024-56751",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56751"
},
{
"name": "CVE-2024-47408",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47408"
},
{
"name": "CVE-2024-49571",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49571"
},
{
"name": "CVE-2024-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53680"
},
{
"name": "CVE-2024-56640",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56640"
},
{
"name": "CVE-2024-56718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56718"
},
{
"name": "CVE-2024-56770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56770"
},
{
"name": "CVE-2024-57900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57900"
},
{
"name": "CVE-2025-21629",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
},
{
"name": "CVE-2022-49080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49080"
},
{
"name": "CVE-2025-21753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21753"
},
{
"name": "CVE-2022-49145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49145"
},
{
"name": "CVE-2022-49212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49212"
},
{
"name": "CVE-2022-49216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49216"
},
{
"name": "CVE-2022-49235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49235"
},
{
"name": "CVE-2022-49248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49248"
},
{
"name": "CVE-2022-49253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49253"
},
{
"name": "CVE-2022-49320",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49320"
},
{
"name": "CVE-2022-49326",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49326"
},
{
"name": "CVE-2022-49371",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49371"
},
{
"name": "CVE-2022-49382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49382"
},
{
"name": "CVE-2022-49396",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49396"
},
{
"name": "CVE-2022-49441",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49441"
},
{
"name": "CVE-2022-49445",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49445"
},
{
"name": "CVE-2022-49460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49460"
},
{
"name": "CVE-2022-49467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49467"
},
{
"name": "CVE-2022-49474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49474"
},
{
"name": "CVE-2022-49491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49491"
},
{
"name": "CVE-2022-49503",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49503"
},
{
"name": "CVE-2022-49563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49563"
},
{
"name": "CVE-2022-49564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49564"
},
{
"name": "CVE-2022-49592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49592"
},
{
"name": "CVE-2022-49625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49625"
},
{
"name": "CVE-2022-49652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49652"
},
{
"name": "CVE-2022-49715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49715"
},
{
"name": "CVE-2022-49729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49729"
},
{
"name": "CVE-2024-57996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57996"
},
{
"name": "CVE-2025-21772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21772"
},
{
"name": "CVE-2024-47794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47794"
},
{
"name": "CVE-2024-49568",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
},
{
"name": "CVE-2024-54683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54683"
},
{
"name": "CVE-2024-56638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56638"
},
{
"name": "CVE-2024-56719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
},
{
"name": "CVE-2024-56758",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56758"
},
{
"name": "CVE-2024-57924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57924"
},
{
"name": "CVE-2025-21635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21635"
},
{
"name": "CVE-2025-21659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21659"
},
{
"name": "CVE-2024-54458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54458"
},
{
"name": "CVE-2024-57998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57998"
},
{
"name": "CVE-2024-58001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58001"
},
{
"name": "CVE-2024-58013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58013"
},
{
"name": "CVE-2024-58020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58020"
},
{
"name": "CVE-2024-58068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58068"
},
{
"name": "CVE-2024-58071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58071"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
},
{
"name": "CVE-2025-21701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21701"
},
{
"name": "CVE-2025-21703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21703"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2025-21706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21706"
},
{
"name": "CVE-2025-21707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21707"
},
{
"name": "CVE-2025-21758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21758"
},
{
"name": "CVE-2025-21760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21760"
},
{
"name": "CVE-2025-21761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21761"
},
{
"name": "CVE-2025-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21762"
},
{
"name": "CVE-2025-21763",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21763"
},
{
"name": "CVE-2025-21764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21764"
},
{
"name": "CVE-2025-21765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21765"
},
{
"name": "CVE-2025-21766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21766"
},
{
"name": "CVE-2025-21782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21782"
},
{
"name": "CVE-2025-21787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21787"
},
{
"name": "CVE-2025-21791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21791"
},
{
"name": "CVE-2025-21792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21792"
},
{
"name": "CVE-2025-21796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21796"
},
{
"name": "CVE-2025-21806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21806"
},
{
"name": "CVE-2025-21812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21812"
},
{
"name": "CVE-2025-21814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21814"
},
{
"name": "CVE-2025-21821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21821"
},
{
"name": "CVE-2025-21832",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21832"
},
{
"name": "CVE-2022-49139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49139"
},
{
"name": "CVE-2022-49635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49635"
},
{
"name": "CVE-2022-49751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49751"
},
{
"name": "CVE-2023-52927",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52927"
},
{
"name": "CVE-2023-52975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52975"
},
{
"name": "CVE-2023-52988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52988"
},
{
"name": "CVE-2023-52989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52989"
},
{
"name": "CVE-2023-52993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52993"
},
{
"name": "CVE-2024-57947",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57947"
},
{
"name": "CVE-2024-57974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57974"
},
{
"name": "CVE-2024-58019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58019"
},
{
"name": "CVE-2025-21693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21693"
},
{
"name": "CVE-2025-21739",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21739"
},
{
"name": "CVE-2025-21759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
},
{
"name": "CVE-2025-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21844"
},
{
"name": "CVE-2025-21846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21846"
},
{
"name": "CVE-2025-21847",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21847"
},
{
"name": "CVE-2025-21848",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21848"
},
{
"name": "CVE-2025-21850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21850"
},
{
"name": "CVE-2025-21855",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
},
{
"name": "CVE-2025-21856",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21856"
},
{
"name": "CVE-2025-21857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21857"
},
{
"name": "CVE-2025-21858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21858"
},
{
"name": "CVE-2025-21859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21859"
},
{
"name": "CVE-2025-21861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
},
{
"name": "CVE-2025-21862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21862"
},
{
"name": "CVE-2025-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21864"
},
{
"name": "CVE-2025-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21865"
},
{
"name": "CVE-2025-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21866"
},
{
"name": "CVE-2025-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21869"
},
{
"name": "CVE-2025-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21870"
},
{
"name": "CVE-2025-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21871"
},
{
"name": "CVE-2025-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21876"
},
{
"name": "CVE-2025-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21877"
},
{
"name": "CVE-2025-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21878"
},
{
"name": "CVE-2025-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21883"
},
{
"name": "CVE-2025-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21885"
},
{
"name": "CVE-2025-21886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21886"
},
{
"name": "CVE-2025-21888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21888"
},
{
"name": "CVE-2025-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21890"
},
{
"name": "CVE-2025-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21891"
},
{
"name": "CVE-2025-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21892"
},
{
"name": "CVE-2025-21702",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21702"
},
{
"name": "CVE-2025-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21867"
},
{
"name": "CVE-2025-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21875"
},
{
"name": "CVE-2025-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21881"
},
{
"name": "CVE-2025-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
},
{
"name": "CVE-2025-21904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21904"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2025-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21909"
},
{
"name": "CVE-2025-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21910"
},
{
"name": "CVE-2025-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21912"
},
{
"name": "CVE-2025-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21913"
},
{
"name": "CVE-2025-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21914"
},
{
"name": "CVE-2025-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21916"
},
{
"name": "CVE-2025-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21917"
},
{
"name": "CVE-2025-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21918"
},
{
"name": "CVE-2025-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
},
{
"name": "CVE-2025-21922",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21922"
},
{
"name": "CVE-2025-21924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21924"
},
{
"name": "CVE-2025-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21925"
},
{
"name": "CVE-2025-21926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21926"
},
{
"name": "CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"name": "CVE-2025-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21934"
},
{
"name": "CVE-2025-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21935"
},
{
"name": "CVE-2025-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21936"
},
{
"name": "CVE-2025-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21937"
},
{
"name": "CVE-2025-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21938"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-21943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21943"
},
{
"name": "CVE-2025-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21948"
},
{
"name": "CVE-2025-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21950"
},
{
"name": "CVE-2025-21951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21951"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2025-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21960"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21971"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2025-21978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21978"
},
{
"name": "CVE-2025-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21979"
},
{
"name": "CVE-2025-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21980"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2025-21993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21993"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2025-21997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21997"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2025-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22015"
},
{
"name": "CVE-2025-21969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21969"
},
{
"name": "CVE-2025-21696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21696"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-21927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21927"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2025-21853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21853"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2025-22027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22027"
},
{
"name": "CVE-2025-22033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22033"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2025-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22088"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-22093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22093"
},
{
"name": "CVE-2025-22095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22095"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2025-22126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22126"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2024-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
},
{
"name": "CVE-2025-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21953"
},
{
"name": "CVE-2021-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47670"
},
{
"name": "CVE-2022-49110",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49110"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2022-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49767"
},
{
"name": "CVE-2023-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53051"
},
{
"name": "CVE-2024-35840",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35840"
},
{
"name": "CVE-2024-58018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58018"
},
{
"name": "CVE-2024-58070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58070"
},
{
"name": "CVE-2024-58088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58088"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-58094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58094"
},
{
"name": "CVE-2024-58095",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58095"
},
{
"name": "CVE-2024-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58096"
},
{
"name": "CVE-2024-58097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58097"
},
{
"name": "CVE-2025-21729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21729"
},
{
"name": "CVE-2025-21755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21755"
},
{
"name": "CVE-2025-21768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21768"
},
{
"name": "CVE-2025-21808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21808"
},
{
"name": "CVE-2025-21833",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21833"
},
{
"name": "CVE-2025-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21836"
},
{
"name": "CVE-2025-21852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21852"
},
{
"name": "CVE-2025-21854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21854"
},
{
"name": "CVE-2025-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21863"
},
{
"name": "CVE-2025-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21873"
},
{
"name": "CVE-2025-21884",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21884"
},
{
"name": "CVE-2025-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21889"
},
{
"name": "CVE-2025-21894",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21894"
},
{
"name": "CVE-2025-21895",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21895"
},
{
"name": "CVE-2025-21906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21906"
},
{
"name": "CVE-2025-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21908"
},
{
"name": "CVE-2025-21915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21915"
},
{
"name": "CVE-2025-21923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21923"
},
{
"name": "CVE-2025-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21930"
},
{
"name": "CVE-2025-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21931"
},
{
"name": "CVE-2025-21961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21961"
},
{
"name": "CVE-2025-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
},
{
"name": "CVE-2025-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21972"
},
{
"name": "CVE-2025-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21985"
},
{
"name": "CVE-2025-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21995"
},
{
"name": "CVE-2025-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22001"
},
{
"name": "CVE-2025-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22003"
},
{
"name": "CVE-2025-22009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22009"
},
{
"name": "CVE-2025-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22013"
},
{
"name": "CVE-2025-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22016"
},
{
"name": "CVE-2025-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22017"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2025-22029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22029"
},
{
"name": "CVE-2025-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22036"
},
{
"name": "CVE-2025-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22053"
},
{
"name": "CVE-2025-22062",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22062"
},
{
"name": "CVE-2025-22064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22064"
},
{
"name": "CVE-2025-22065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22065"
},
{
"name": "CVE-2025-22080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22080"
},
{
"name": "CVE-2025-22090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22090"
},
{
"name": "CVE-2025-22102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22102"
},
{
"name": "CVE-2025-22104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22104"
},
{
"name": "CVE-2025-22105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22105"
},
{
"name": "CVE-2025-22106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22106"
},
{
"name": "CVE-2025-22107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22107"
},
{
"name": "CVE-2025-22108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22108"
},
{
"name": "CVE-2025-22109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22109"
},
{
"name": "CVE-2025-22115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22115"
},
{
"name": "CVE-2025-22116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22116"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-22128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22128"
},
{
"name": "CVE-2025-23129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23129"
},
{
"name": "CVE-2025-23131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23131"
},
{
"name": "CVE-2025-23133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23133"
},
{
"name": "CVE-2025-23145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23145"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2025-37799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
},
{
"name": "CVE-2025-37860",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37860"
},
{
"name": "CVE-2025-37749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
},
{
"name": "CVE-2022-49190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49190"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2025-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23140"
},
{
"name": "CVE-2025-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23141"
},
{
"name": "CVE-2025-23142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23142"
},
{
"name": "CVE-2025-23144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23144"
},
{
"name": "CVE-2025-23146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23146"
},
{
"name": "CVE-2025-23147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23147"
},
{
"name": "CVE-2025-23148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23148"
},
{
"name": "CVE-2025-23150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
},
{
"name": "CVE-2025-23151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23151"
},
{
"name": "CVE-2025-23156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23156"
},
{
"name": "CVE-2025-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23157"
},
{
"name": "CVE-2025-23158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23158"
},
{
"name": "CVE-2025-23159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23159"
},
{
"name": "CVE-2025-23161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23161"
},
{
"name": "CVE-2025-37738",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
},
{
"name": "CVE-2025-37740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37740"
},
{
"name": "CVE-2025-37741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37741"
},
{
"name": "CVE-2025-37742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37742"
},
{
"name": "CVE-2025-37748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37748"
},
{
"name": "CVE-2025-37752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37752"
},
{
"name": "CVE-2025-37758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37758"
},
{
"name": "CVE-2025-37765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37765"
},
{
"name": "CVE-2025-37766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37766"
},
{
"name": "CVE-2025-37767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37767"
},
{
"name": "CVE-2025-37768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37768"
},
{
"name": "CVE-2025-37769",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37769"
},
{
"name": "CVE-2025-37770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37770"
},
{
"name": "CVE-2025-37771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37771"
},
{
"name": "CVE-2025-37772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37772"
},
{
"name": "CVE-2025-37773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37773"
},
{
"name": "CVE-2025-37780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37780"
},
{
"name": "CVE-2025-37781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37781"
},
{
"name": "CVE-2025-37782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37782"
},
{
"name": "CVE-2025-37787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37787"
},
{
"name": "CVE-2025-37788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37788"
},
{
"name": "CVE-2025-37789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37789"
},
{
"name": "CVE-2025-37790",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37790"
},
{
"name": "CVE-2025-37792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37792"
},
{
"name": "CVE-2025-37794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37794"
},
{
"name": "CVE-2025-37796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37796"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2025-37801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37801"
},
{
"name": "CVE-2025-37803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37803"
},
{
"name": "CVE-2025-37805",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37805"
},
{
"name": "CVE-2025-37810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37810"
},
{
"name": "CVE-2025-37812",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37812"
},
{
"name": "CVE-2025-37815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37815"
},
{
"name": "CVE-2025-37820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37820"
},
{
"name": "CVE-2025-37823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
},
{
"name": "CVE-2025-37824",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37824"
},
{
"name": "CVE-2025-37829",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37829"
},
{
"name": "CVE-2025-37830",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37830"
},
{
"name": "CVE-2025-37836",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37836"
},
{
"name": "CVE-2025-37839",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37839"
},
{
"name": "CVE-2025-37840",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37840"
},
{
"name": "CVE-2025-37841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37841"
},
{
"name": "CVE-2025-37844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37844"
},
{
"name": "CVE-2025-37849",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37849"
},
{
"name": "CVE-2025-37850",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37850"
},
{
"name": "CVE-2025-37851",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37851"
},
{
"name": "CVE-2025-37852",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37852"
},
{
"name": "CVE-2025-37854",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37854"
},
{
"name": "CVE-2025-37858",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37858"
},
{
"name": "CVE-2025-37862",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37862"
},
{
"name": "CVE-2025-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37865"
},
{
"name": "CVE-2025-37867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37867"
},
{
"name": "CVE-2025-37871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37871"
},
{
"name": "CVE-2025-37875",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37875"
},
{
"name": "CVE-2025-37879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37879"
},
{
"name": "CVE-2025-37881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37881"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2025-37892",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37892"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2025-37979",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37979"
},
{
"name": "CVE-2025-37982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37982"
},
{
"name": "CVE-2025-37983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37983"
},
{
"name": "CVE-2025-37985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37985"
},
{
"name": "CVE-2025-37989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37989"
},
{
"name": "CVE-2025-37819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37819"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-37897",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37897"
},
{
"name": "CVE-2025-37901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37901"
},
{
"name": "CVE-2025-37903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37903"
},
{
"name": "CVE-2025-37905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37905"
},
{
"name": "CVE-2025-37911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37911"
},
{
"name": "CVE-2025-37912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37912"
},
{
"name": "CVE-2025-37913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37913"
},
{
"name": "CVE-2025-37914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37914"
},
{
"name": "CVE-2025-37915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37915"
},
{
"name": "CVE-2025-37917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37917"
},
{
"name": "CVE-2025-37928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37928"
},
{
"name": "CVE-2025-37929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37929"
},
{
"name": "CVE-2025-37930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37930"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37936"
},
{
"name": "CVE-2025-37948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37948"
},
{
"name": "CVE-2025-37949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37949"
},
{
"name": "CVE-2025-37951",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37951"
},
{
"name": "CVE-2025-37953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37953"
},
{
"name": "CVE-2025-37959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37959"
},
{
"name": "CVE-2025-37963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37963"
},
{
"name": "CVE-2025-37967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37967"
},
{
"name": "CVE-2025-37969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37969"
},
{
"name": "CVE-2025-37970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37970"
},
{
"name": "CVE-2025-37972",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37972"
},
{
"name": "CVE-2025-37990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37990"
},
{
"name": "CVE-2022-49769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49769"
},
{
"name": "CVE-2022-49770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49770"
},
{
"name": "CVE-2022-49771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49771"
},
{
"name": "CVE-2022-49772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49772"
},
{
"name": "CVE-2022-49775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49775"
},
{
"name": "CVE-2022-49776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49776"
},
{
"name": "CVE-2022-49777",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49777"
},
{
"name": "CVE-2022-49779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49779"
},
{
"name": "CVE-2022-49783",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49783"
},
{
"name": "CVE-2022-49787",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49787"
},
{
"name": "CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"name": "CVE-2022-49789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49789"
},
{
"name": "CVE-2022-49790",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49790"
},
{
"name": "CVE-2022-49792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49792"
},
{
"name": "CVE-2022-49793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49793"
},
{
"name": "CVE-2022-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49794"
},
{
"name": "CVE-2022-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49796"
},
{
"name": "CVE-2022-49797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49797"
},
{
"name": "CVE-2022-49799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49799"
},
{
"name": "CVE-2022-49800",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49800"
},
{
"name": "CVE-2022-49801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49801"
},
{
"name": "CVE-2022-49802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49802"
},
{
"name": "CVE-2022-49807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49807"
},
{
"name": "CVE-2022-49809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49809"
},
{
"name": "CVE-2022-49810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49810"
},
{
"name": "CVE-2022-49812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49812"
},
{
"name": "CVE-2022-49813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49813"
},
{
"name": "CVE-2022-49818",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49818"
},
{
"name": "CVE-2022-49821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49821"
},
{
"name": "CVE-2022-49822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49822"
},
{
"name": "CVE-2022-49823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49823"
},
{
"name": "CVE-2022-49824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49824"
},
{
"name": "CVE-2022-49825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49825"
},
{
"name": "CVE-2022-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49826"
},
{
"name": "CVE-2022-49827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49827"
},
{
"name": "CVE-2022-49830",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49830"
},
{
"name": "CVE-2022-49832",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49832"
},
{
"name": "CVE-2022-49834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49834"
},
{
"name": "CVE-2022-49835",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49835"
},
{
"name": "CVE-2022-49836",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49836"
},
{
"name": "CVE-2022-49839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49839"
},
{
"name": "CVE-2022-49841",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49841"
},
{
"name": "CVE-2022-49842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49842"
},
{
"name": "CVE-2022-49845",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49845"
},
{
"name": "CVE-2022-49846",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
},
{
"name": "CVE-2022-49850",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49850"
},
{
"name": "CVE-2022-49853",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49853"
},
{
"name": "CVE-2022-49858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49858"
},
{
"name": "CVE-2022-49860",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49860"
},
{
"name": "CVE-2022-49861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49861"
},
{
"name": "CVE-2022-49863",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49863"
},
{
"name": "CVE-2022-49864",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49864"
},
{
"name": "CVE-2022-49865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49865"
},
{
"name": "CVE-2022-49868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49868"
},
{
"name": "CVE-2022-49869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49869"
},
{
"name": "CVE-2022-49870",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49870"
},
{
"name": "CVE-2022-49871",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49871"
},
{
"name": "CVE-2022-49874",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49874"
},
{
"name": "CVE-2022-49879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49879"
},
{
"name": "CVE-2022-49880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49880"
},
{
"name": "CVE-2022-49881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49881"
},
{
"name": "CVE-2022-49885",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49885"
},
{
"name": "CVE-2022-49887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49887"
},
{
"name": "CVE-2022-49888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49888"
},
{
"name": "CVE-2022-49889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49889"
},
{
"name": "CVE-2022-49890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49890"
},
{
"name": "CVE-2022-49891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49891"
},
{
"name": "CVE-2022-49892",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49892"
},
{
"name": "CVE-2022-49900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49900"
},
{
"name": "CVE-2022-49905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49905"
},
{
"name": "CVE-2022-49906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49906"
},
{
"name": "CVE-2022-49908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49908"
},
{
"name": "CVE-2022-49909",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49909"
},
{
"name": "CVE-2022-49910",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49910"
},
{
"name": "CVE-2022-49915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49915"
},
{
"name": "CVE-2022-49916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49916"
},
{
"name": "CVE-2022-49922",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49922"
},
{
"name": "CVE-2022-49923",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49923"
},
{
"name": "CVE-2022-49924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49924"
},
{
"name": "CVE-2022-49925",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49925"
},
{
"name": "CVE-2022-49927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49927"
},
{
"name": "CVE-2022-49928",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49928"
},
{
"name": "CVE-2022-49931",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49931"
},
{
"name": "CVE-2023-53035",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53035"
},
{
"name": "CVE-2023-53038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53038"
},
{
"name": "CVE-2023-53039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53039"
},
{
"name": "CVE-2023-53040",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53040"
},
{
"name": "CVE-2023-53041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53041"
},
{
"name": "CVE-2023-53044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53044"
},
{
"name": "CVE-2023-53045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53045"
},
{
"name": "CVE-2023-53049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53049"
},
{
"name": "CVE-2023-53052",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53052"
},
{
"name": "CVE-2023-53054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53054"
},
{
"name": "CVE-2023-53056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53056"
},
{
"name": "CVE-2023-53058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53058"
},
{
"name": "CVE-2023-53059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53059"
},
{
"name": "CVE-2023-53060",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53060"
},
{
"name": "CVE-2023-53062",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53062"
},
{
"name": "CVE-2023-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53064"
},
{
"name": "CVE-2023-53065",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53065"
},
{
"name": "CVE-2023-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53066"
},
{
"name": "CVE-2023-53068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53068"
},
{
"name": "CVE-2023-53075",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53075"
},
{
"name": "CVE-2023-53077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53077"
},
{
"name": "CVE-2023-53078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53078"
},
{
"name": "CVE-2023-53079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53079"
},
{
"name": "CVE-2023-53081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53081"
},
{
"name": "CVE-2023-53084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53084"
},
{
"name": "CVE-2023-53087",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53087"
},
{
"name": "CVE-2023-53089",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53089"
},
{
"name": "CVE-2023-53090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53090"
},
{
"name": "CVE-2023-53091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53091"
},
{
"name": "CVE-2023-53092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53092"
},
{
"name": "CVE-2023-53093",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53093"
},
{
"name": "CVE-2023-53096",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53096"
},
{
"name": "CVE-2023-53098",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53098"
},
{
"name": "CVE-2023-53099",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53099"
},
{
"name": "CVE-2023-53100",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53100"
},
{
"name": "CVE-2023-53101",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53101"
},
{
"name": "CVE-2023-53106",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53106"
},
{
"name": "CVE-2023-53108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53108"
},
{
"name": "CVE-2023-53111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53111"
},
{
"name": "CVE-2023-53114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53114"
},
{
"name": "CVE-2023-53116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53116"
},
{
"name": "CVE-2023-53118",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53118"
},
{
"name": "CVE-2023-53119",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53119"
},
{
"name": "CVE-2023-53123",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53123"
},
{
"name": "CVE-2023-53124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53124"
},
{
"name": "CVE-2023-53125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53125"
},
{
"name": "CVE-2023-53131",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53131"
},
{
"name": "CVE-2023-53134",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53134"
},
{
"name": "CVE-2023-53137",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53137"
},
{
"name": "CVE-2023-53139",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53139"
},
{
"name": "CVE-2023-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53140"
},
{
"name": "CVE-2023-53142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53142"
},
{
"name": "CVE-2023-53143",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53143"
},
{
"name": "CVE-2023-53145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53145"
},
{
"name": "CVE-2025-22030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22030"
},
{
"name": "CVE-2025-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22057"
},
{
"name": "CVE-2025-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22070"
},
{
"name": "CVE-2025-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22103"
},
{
"name": "CVE-2025-22125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22125"
},
{
"name": "CVE-2025-23160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23160"
},
{
"name": "CVE-2025-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37750"
},
{
"name": "CVE-2025-37755",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37755"
},
{
"name": "CVE-2025-37804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37804"
},
{
"name": "CVE-2025-37809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37809"
},
{
"name": "CVE-2025-37831",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37831"
},
{
"name": "CVE-2025-37833",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37833"
},
{
"name": "CVE-2025-37842",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37842"
},
{
"name": "CVE-2025-37870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37870"
},
{
"name": "CVE-2025-37886",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37886"
},
{
"name": "CVE-2025-37887",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37887"
},
{
"name": "CVE-2025-37957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37957"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2025-37960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37960"
},
{
"name": "CVE-2025-37974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37974"
},
{
"name": "CVE-2025-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40325"
},
{
"name": "CVE-2025-37943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37943"
},
{
"name": "CVE-2020-36790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36790"
},
{
"name": "CVE-2020-36791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36791"
},
{
"name": "CVE-2022-49168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49168"
},
{
"name": "CVE-2022-49420",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49420"
},
{
"name": "CVE-2022-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49761"
},
{
"name": "CVE-2022-49762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49762"
},
{
"name": "CVE-2022-49763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49763"
},
{
"name": "CVE-2022-49773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49773"
},
{
"name": "CVE-2022-49781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49781"
},
{
"name": "CVE-2022-49784",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49784"
},
{
"name": "CVE-2022-49786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49786"
},
{
"name": "CVE-2022-49795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49795"
},
{
"name": "CVE-2022-49829",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49829"
},
{
"name": "CVE-2022-49837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49837"
},
{
"name": "CVE-2022-49840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49840"
},
{
"name": "CVE-2022-49862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49862"
},
{
"name": "CVE-2022-49872",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49872"
},
{
"name": "CVE-2022-49877",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49877"
},
{
"name": "CVE-2022-49886",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49886"
},
{
"name": "CVE-2022-49898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49898"
},
{
"name": "CVE-2022-49901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49901"
},
{
"name": "CVE-2022-49902",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49902"
},
{
"name": "CVE-2022-49907",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49907"
},
{
"name": "CVE-2022-49913",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49913"
},
{
"name": "CVE-2022-49914",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49914"
},
{
"name": "CVE-2022-49917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49917"
},
{
"name": "CVE-2022-49918",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49918"
},
{
"name": "CVE-2022-49921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49921"
},
{
"name": "CVE-2022-49929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49929"
},
{
"name": "CVE-2023-53036",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53036"
},
{
"name": "CVE-2023-53042",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53042"
},
{
"name": "CVE-2023-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53057"
},
{
"name": "CVE-2023-53070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53070"
},
{
"name": "CVE-2023-53071",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53071"
},
{
"name": "CVE-2023-53073",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53073"
},
{
"name": "CVE-2023-53074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53074"
},
{
"name": "CVE-2023-53080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53080"
},
{
"name": "CVE-2023-53082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53082"
},
{
"name": "CVE-2023-53094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53094"
},
{
"name": "CVE-2023-53095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53095"
},
{
"name": "CVE-2023-53102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53102"
},
{
"name": "CVE-2023-53103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53103"
},
{
"name": "CVE-2023-53105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53105"
},
{
"name": "CVE-2023-53109",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53109"
},
{
"name": "CVE-2023-53112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53112"
},
{
"name": "CVE-2023-53121",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53121"
},
{
"name": "CVE-2023-53128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53128"
},
{
"name": "CVE-2023-53141",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53141"
},
{
"name": "CVE-2023-53146",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53146"
},
{
"name": "CVE-2024-49570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49570"
},
{
"name": "CVE-2024-58074",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58074"
},
{
"name": "CVE-2024-58091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58091"
},
{
"name": "CVE-2024-58098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58098"
},
{
"name": "CVE-2024-58099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58099"
},
{
"name": "CVE-2024-58100",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58100"
},
{
"name": "CVE-2024-58237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58237"
},
{
"name": "CVE-2025-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21717"
},
{
"name": "CVE-2025-21800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21800"
},
{
"name": "CVE-2025-21837",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21837"
},
{
"name": "CVE-2025-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21868"
},
{
"name": "CVE-2025-21882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21882"
},
{
"name": "CVE-2025-21893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21893"
},
{
"name": "CVE-2025-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21929"
},
{
"name": "CVE-2025-21973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21973"
},
{
"name": "CVE-2025-21974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21974"
},
{
"name": "CVE-2025-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21989"
},
{
"name": "CVE-2025-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21990"
},
{
"name": "CVE-2025-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22028"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2025-22094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22094"
},
{
"name": "CVE-2025-22112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22112"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-22117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22117"
},
{
"name": "CVE-2025-22118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22118"
},
{
"name": "CVE-2025-22119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22119"
},
{
"name": "CVE-2025-22124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22124"
},
{
"name": "CVE-2025-23134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23134"
},
{
"name": "CVE-2025-23149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23149"
},
{
"name": "CVE-2025-23154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23154"
},
{
"name": "CVE-2025-23155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23155"
},
{
"name": "CVE-2025-37743",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37743"
},
{
"name": "CVE-2025-37747",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37747"
},
{
"name": "CVE-2025-37754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37754"
},
{
"name": "CVE-2025-37793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37793"
},
{
"name": "CVE-2025-37800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37800"
},
{
"name": "CVE-2025-37846",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37846"
},
{
"name": "CVE-2025-37853",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37853"
},
{
"name": "CVE-2025-37873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37873"
},
{
"name": "CVE-2025-37874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37874"
},
{
"name": "CVE-2025-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37891"
},
{
"name": "CVE-2025-37900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37900"
},
{
"name": "CVE-2025-37918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37918"
},
{
"name": "CVE-2025-37925",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37925"
},
{
"name": "CVE-2025-37931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37931"
},
{
"name": "CVE-2025-37933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37933"
},
{
"name": "CVE-2025-37944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37944"
},
{
"name": "CVE-2025-37954",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37954"
},
{
"name": "CVE-2025-37968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37968"
},
{
"name": "CVE-2025-37978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37978"
},
{
"name": "CVE-2025-37980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
},
{
"name": "CVE-2025-37986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37986"
},
{
"name": "CVE-2025-37987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37987"
},
{
"name": "CVE-2025-37998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37998"
},
{
"name": "CVE-2025-38104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38104"
},
{
"name": "CVE-2025-38240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38240"
},
{
"name": "CVE-2025-40014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40014"
},
{
"name": "CVE-2025-40364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40364"
}
],
"initial_release_date": "2025-06-20T00:00:00",
"last_revision_date": "2025-06-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0529",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01951-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501951-1"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01995-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501995-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01964-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501964-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01948-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501948-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01958-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501958-1"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01982-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501982-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01944-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501944-1"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01972-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501972-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01950-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501950-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:20413-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520413-1"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:02000-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502000-1"
},
{
"published_at": "2025-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:20419-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520419-1"
},
{
"published_at": "2025-06-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01983-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501983-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:20421-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520421-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01965-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501965-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01949-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501949-1"
},
{
"published_at": "2025-06-15",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:20408-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520408-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01957-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501957-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01967-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501967-1"
},
{
"published_at": "2025-06-16",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01966-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501966-1"
},
{
"published_at": "2025-06-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2025:01956-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202501956-1"
}
]
}
CERTFR-2022-AVI-875
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian 10 buster versions ant\u00e9rieures \u00e0 4.19.260-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-39842",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39842"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-33744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33744"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
},
{
"name": "CVE-2022-40307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
},
{
"name": "CVE-2022-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
}
],
"initial_release_date": "2022-10-03T00:00:00",
"last_revision_date": "2022-10-03T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-875",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nDebian. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Debian du 02 octobre 2022",
"url": "https://www.debian.org/lts/security/2022/dla-3131"
}
]
}
CERTFR-2022-AVI-968
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-33741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33741"
},
{
"name": "CVE-2022-3176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3176"
},
{
"name": "CVE-2022-33742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33742"
},
{
"name": "CVE-2022-33740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33740"
},
{
"name": "CVE-2022-33744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33744"
},
{
"name": "CVE-2022-26373",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
},
{
"name": "CVE-2022-2318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2318"
},
{
"name": "CVE-2022-36879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
},
{
"name": "CVE-2022-20369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20369"
},
{
"name": "CVE-2021-4159",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4159"
},
{
"name": "CVE-2022-26365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26365"
},
{
"name": "CVE-2022-1882",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
}
],
"initial_release_date": "2022-10-28T00:00:00",
"last_revision_date": "2022-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-968",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux\nd\u0027Ubuntu. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5706-1 du 27 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5706-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-5703-1 du 26 octobre 2022",
"url": "https://ubuntu.com/security/notices/USN-5703-1"
}
]
}
wid-sec-w-2022-1207
Vulnerability from csaf_certbund
Published
2022-08-29 22:00
Modified
2023-04-26 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1207 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1207.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1207 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1207"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5791-2 vom 2023-04-26",
"url": "https://ubuntu.com/security/notices/USN-6045-1"
},
{
"category": "external",
"summary": "National Vulnerability Database - CVE-2021-3714 vom 2022-08-29",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3714"
},
{
"category": "external",
"summary": "National Vulnerability Database - CVE-2021-4159 vom 2022-08-29",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4159"
},
{
"category": "external",
"summary": "Red Hat Customer Portal vom 2022-08-29",
"url": "https://access.redhat.com/security/cve/CVE-2021-3714"
},
{
"category": "external",
"summary": "Red Hat Customer Portal vom 2022-08-29",
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3131 vom 2022-10-03",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1852 vom 2022-10-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1852.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1636 vom 2022-10-11",
"url": "https://alas.aws.amazon.com/ALAS-2022-1636.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5668-1 vom 2022-10-11",
"url": "https://ubuntu.com/security/notices/USN-5668-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5677-1 vom 2022-10-13",
"url": "https://ubuntu.com/security/notices/USN-5677-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2022-036 vom 2022-10-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-036.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5682-1 vom 2022-10-14",
"url": "https://ubuntu.com/security/notices/USN-5682-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5706-1 vom 2022-10-27",
"url": "https://ubuntu.com/security/notices/USN-5706-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5790-1 vom 2023-01-07",
"url": "https://ubuntu.com/security/notices/USN-5790-1"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-04-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:34:06.088+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1207",
"initial_release_date": "2022-08-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-08-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-10-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-10-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-01-08T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-04-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "6368",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3714",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht im Mechanismus der Speicherdeduplizierung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er seitengro\u00dfe Dateien hochl\u00e4dt und die \u00c4nderung der Zugriffszeit von einem Netzwerkdienst erkennt, um festzustellen, ob die Seite zusammengef\u00fchrt wurde."
}
],
"product_status": {
"known_affected": [
"2951",
"6368",
"T000126",
"398363"
]
},
"release_date": "2022-08-29T22:00:00.000+00:00",
"title": "CVE-2021-3714"
},
{
"cve": "CVE-2021-4159",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht im EBPF-Verifizierer beim Umgang mit internen Datenstrukturen. Ein lokaler Angreifer mit der Berechtigung, eBPF-Code in den Kernel einzuf\u00fcgen, kann diese Schwachstelle ausnutzen, um Details des internen Kernelspeichers zu erfahren."
}
],
"product_status": {
"known_affected": [
"2951",
"6368",
"T000126",
"398363"
]
},
"release_date": "2022-08-29T22:00:00.000+00:00",
"title": "CVE-2021-4159"
}
]
}
WID-SEC-W-2022-1207
Vulnerability from csaf_certbund
Published
2022-08-29 22:00
Modified
2023-04-26 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1207 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1207.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1207 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1207"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5791-2 vom 2023-04-26",
"url": "https://ubuntu.com/security/notices/USN-6045-1"
},
{
"category": "external",
"summary": "National Vulnerability Database - CVE-2021-3714 vom 2022-08-29",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3714"
},
{
"category": "external",
"summary": "National Vulnerability Database - CVE-2021-4159 vom 2022-08-29",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4159"
},
{
"category": "external",
"summary": "Red Hat Customer Portal vom 2022-08-29",
"url": "https://access.redhat.com/security/cve/CVE-2021-3714"
},
{
"category": "external",
"summary": "Red Hat Customer Portal vom 2022-08-29",
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3131 vom 2022-10-03",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2022-1852 vom 2022-10-11",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1852.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1636 vom 2022-10-11",
"url": "https://alas.aws.amazon.com/ALAS-2022-1636.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5668-1 vom 2022-10-11",
"url": "https://ubuntu.com/security/notices/USN-5668-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5677-1 vom 2022-10-13",
"url": "https://ubuntu.com/security/notices/USN-5677-1"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2022-036 vom 2022-10-14",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-036.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5682-1 vom 2022-10-14",
"url": "https://ubuntu.com/security/notices/USN-5682-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5706-1 vom 2022-10-27",
"url": "https://ubuntu.com/security/notices/USN-5706-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5790-1 vom 2023-01-07",
"url": "https://ubuntu.com/security/notices/USN-5790-1"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-04-26T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:34:06.088+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1207",
"initial_release_date": "2022-08-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-08-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-03T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-10-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu und Amazon aufgenommen"
},
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-10-27T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-01-08T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2023-04-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "6368",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3714",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht im Mechanismus der Speicherdeduplizierung. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, indem er seitengro\u00dfe Dateien hochl\u00e4dt und die \u00c4nderung der Zugriffszeit von einem Netzwerkdienst erkennt, um festzustellen, ob die Seite zusammengef\u00fchrt wurde."
}
],
"product_status": {
"known_affected": [
"2951",
"6368",
"T000126",
"398363"
]
},
"release_date": "2022-08-29T22:00:00.000+00:00",
"title": "CVE-2021-3714"
},
{
"cve": "CVE-2021-4159",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle im Linux Kernel. Der Fehler besteht im EBPF-Verifizierer beim Umgang mit internen Datenstrukturen. Ein lokaler Angreifer mit der Berechtigung, eBPF-Code in den Kernel einzuf\u00fcgen, kann diese Schwachstelle ausnutzen, um Details des internen Kernelspeichers zu erfahren."
}
],
"product_status": {
"known_affected": [
"2951",
"6368",
"T000126",
"398363"
]
},
"release_date": "2022-08-29T22:00:00.000+00:00",
"title": "CVE-2021-4159"
}
]
}
cnvd-2022-68595
Vulnerability from cnvd
Title
Linux kernel信息泄露漏洞(CNVD-2022-68595)
Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel存在安全漏洞,攻击者可利用该漏洞获取内部内核内存信息。
Severity
中
VLAI Severity ?
Formal description
目前没有详细的解决方案提供: https://access.redhat.com/security/cve/cve-2021-4159
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-4159
Impacted products
| Name | Linux Linux kernel <5.7 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-4159",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-4159"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5185\u90e8\u5185\u6838\u5185\u5b58\u4fe1\u606f\u3002",
"formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://access.redhat.com/security/cve/cve-2021-4159",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-68595",
"openTime": "2022-10-13",
"products": {
"product": "Linux Linux kernel \u003c5.7"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4159",
"serverity": "\u4e2d",
"submitTime": "2022-02-09",
"title": "Linux kernel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-68595\uff09"
}
ghsa-4f4x-m5ww-4mcw
Vulnerability from github
Published
2022-08-25 00:00
Modified
2022-08-29 20:06
Severity ?
VLAI Severity ?
Details
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
{
"affected": [],
"aliases": [
"CVE-2021-4159"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-24T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.",
"id": "GHSA-4f4x-m5ww-4mcw",
"modified": "2022-08-29T20:06:54Z",
"published": "2022-08-25T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4159"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
opensuse-su-2022:0363-1
Vulnerability from csaf_opensuse
Published
2022-02-10 16:01
Modified
2022-02-10 16:01
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).
The following security references were added to already fixed issues:
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
Patchnames
openSUSE-SLE-15.3-2022-363
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).\n- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).\n- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).\n- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).\n- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).\n- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).\n- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).\n- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).\n- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).\n- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).\n- CVE-2021-4159: Fixed kernel ptr leak vulnerability via BPF in coerce_reg_to_size (bsc#1194227).\n\n\nThe following security references were added to already fixed issues:\n\n- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).\n\n\nThe following non-security bugs were fixed:\n\n- ACPI: battery: Add the ThinkPad \u0027Not Charging\u0027 quirk (git-fixes).\n- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).\n- ACPICA: Fix wrong interpretation of PCC address (git-fixes).\n- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).\n- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).\n- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).\n- ALSA: seq: Set upper limit of processed events (git-fixes).\n- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).\n- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).\n- Documentation: fix firewire.rst ABI file path error (git-fixes).\n- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).\n- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).\n- HID: uhid: Fix worker destroying device without any protection (git-fixes).\n- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).\n- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).\n- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).\n- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).\n- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).\n- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).\n- asix: fix wrong return value in asix_check_host_enable() (git-fixes).\n- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).\n- ath10k: Fix tx hanging (git-fixes).\n- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).\n- batman-adv: allow netlink usage in unprivileged containers (git-fixes).\n- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).\n- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).\n- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).\n- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).\n- clk: si5341: Fix clock HW provider cleanup (git-fixes).\n- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).\n- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).\n- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).\n- drm/etnaviv: limit submit sizes (git-fixes).\n- drm/etnaviv: relax submit size limits (git-fixes).\n- drm/lima: fix warning when CONFIG_DEBUG_SG=y \u0026 CONFIG_DMA_API_DEBUG=y (git-fixes).\n- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).\n- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).\n- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).\n- drm/msm: Fix wrong size calculation (git-fixes).\n- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).\n- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).\n- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).\n- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).\n- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).\n- floppy: Add max size check for user space request (git-fixes).\n- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).\n- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).\n- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).\n- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).\n- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).\n- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).\n- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).\n- i2c: i801: Do not silently correct invalid transfer size (git-fixes).\n- i2c: mpc: Correct I2C reset procedure (git-fixes).\n- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).\n- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).\n- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).\n- ibmvnic: init -\u003erunning_cap_crqs early (bsc#1195073 ltc#195713).\n- ibmvnic: remove unused -\u003ewait_capability (bsc#1195073 ltc#195713).\n- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).\n- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).\n- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).\n- iwlwifi: mvm: Fix calculation of frame length (git-fixes).\n- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).\n- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).\n- iwlwifi: remove module loading failure message (git-fixes).\n- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).\n- lightnvm: Remove lightnvm implemenation (bsc#1191881).\n- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).\n- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).\n- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).\n- media: igorplugusb: receiver overflow should be reported (git-fixes).\n- media: m920x: do not use stack on USB reads (git-fixes).\n- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).\n- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).\n- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).\n- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).\n- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).\n- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).\n- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).\n- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).\n- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).\n- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).\n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).\n- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).\n- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).\n- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).\n- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).\n- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).\n- net: bridge: vlan: fix single net device option dumping (bsc#1176447).\n- net: mana: Add RX fencing (bsc#1193506).\n- net: mana: Add XDP support (bsc#1193506).\n- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).\n- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).\n- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).\n- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).\n- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).\n- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).\n- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).\n- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).\n- netdevsim: set .owner to THIS_MODULE (bsc#1154353).\n- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).\n- nvme: add \u0027iopolicy\u0027 module parameter (bsc#1177599 bsc#1193096).\n- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).\n- phylib: fix potential use-after-free (git-fixes).\n- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).\n- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).\n- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).\n- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).\n- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).\n- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).\n- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).\n- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).\n- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).\n- serial: Fix incorrect rs485 polarity on uart open (git-fixes).\n- serial: amba-pl011: do not request memory region twice (git-fixes).\n- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).\n- serial: pl010: Drop CR register reset on set_termios (git-fixes).\n- serial: stm32: fix software flow control transfer (git-fixes).\n- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)\n- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).\n- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).\n- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).\n- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).\n- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).\n- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).\n- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).\n- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).\n- usb: uhci: add aspeed ast2600 uhci support (git-fixes).\n- vfio/iommu_type1: replace kfree with kvfree (git-fixes).\n- video: hyperv_fb: Fix validation of screen resolution (git-fixes).\n- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).\n- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).\n- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).\n- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-363",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0363-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0363-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K4ZJSATCJ2GMGCX6RSG2TU2YU4DDOMVQ/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0363-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K4ZJSATCJ2GMGCX6RSG2TU2YU4DDOMVQ/"
},
{
"category": "self",
"summary": "SUSE Bug 1154353",
"url": "https://bugzilla.suse.com/1154353"
},
{
"category": "self",
"summary": "SUSE Bug 1154488",
"url": "https://bugzilla.suse.com/1154488"
},
{
"category": "self",
"summary": "SUSE Bug 1160634",
"url": "https://bugzilla.suse.com/1160634"
},
{
"category": "self",
"summary": "SUSE Bug 1176447",
"url": "https://bugzilla.suse.com/1176447"
},
{
"category": "self",
"summary": "SUSE Bug 1177599",
"url": "https://bugzilla.suse.com/1177599"
},
{
"category": "self",
"summary": "SUSE Bug 1183405",
"url": "https://bugzilla.suse.com/1183405"
},
{
"category": "self",
"summary": "SUSE Bug 1185377",
"url": "https://bugzilla.suse.com/1185377"
},
{
"category": "self",
"summary": "SUSE Bug 1187428",
"url": "https://bugzilla.suse.com/1187428"
},
{
"category": "self",
"summary": "SUSE Bug 1187723",
"url": "https://bugzilla.suse.com/1187723"
},
{
"category": "self",
"summary": "SUSE Bug 1188605",
"url": "https://bugzilla.suse.com/1188605"
},
{
"category": "self",
"summary": "SUSE Bug 1191881",
"url": "https://bugzilla.suse.com/1191881"
},
{
"category": "self",
"summary": "SUSE Bug 1193096",
"url": "https://bugzilla.suse.com/1193096"
},
{
"category": "self",
"summary": "SUSE Bug 1193506",
"url": "https://bugzilla.suse.com/1193506"
},
{
"category": "self",
"summary": "SUSE Bug 1193767",
"url": "https://bugzilla.suse.com/1193767"
},
{
"category": "self",
"summary": "SUSE Bug 1193802",
"url": "https://bugzilla.suse.com/1193802"
},
{
"category": "self",
"summary": "SUSE Bug 1193861",
"url": "https://bugzilla.suse.com/1193861"
},
{
"category": "self",
"summary": "SUSE Bug 1193864",
"url": "https://bugzilla.suse.com/1193864"
},
{
"category": "self",
"summary": "SUSE Bug 1193867",
"url": "https://bugzilla.suse.com/1193867"
},
{
"category": "self",
"summary": "SUSE Bug 1194048",
"url": "https://bugzilla.suse.com/1194048"
},
{
"category": "self",
"summary": "SUSE Bug 1194227",
"url": "https://bugzilla.suse.com/1194227"
},
{
"category": "self",
"summary": "SUSE Bug 1194291",
"url": "https://bugzilla.suse.com/1194291"
},
{
"category": "self",
"summary": "SUSE Bug 1194880",
"url": "https://bugzilla.suse.com/1194880"
},
{
"category": "self",
"summary": "SUSE Bug 1195009",
"url": "https://bugzilla.suse.com/1195009"
},
{
"category": "self",
"summary": "SUSE Bug 1195062",
"url": "https://bugzilla.suse.com/1195062"
},
{
"category": "self",
"summary": "SUSE Bug 1195065",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "self",
"summary": "SUSE Bug 1195073",
"url": "https://bugzilla.suse.com/1195073"
},
{
"category": "self",
"summary": "SUSE Bug 1195183",
"url": "https://bugzilla.suse.com/1195183"
},
{
"category": "self",
"summary": "SUSE Bug 1195184",
"url": "https://bugzilla.suse.com/1195184"
},
{
"category": "self",
"summary": "SUSE Bug 1195254",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "self",
"summary": "SUSE Bug 1195267",
"url": "https://bugzilla.suse.com/1195267"
},
{
"category": "self",
"summary": "SUSE Bug 1195293",
"url": "https://bugzilla.suse.com/1195293"
},
{
"category": "self",
"summary": "SUSE Bug 1195371",
"url": "https://bugzilla.suse.com/1195371"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28097 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28097/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22600 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39648 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39657 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39657/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-39685 page",
"url": "https://www.suse.com/security/cve/CVE-2021-39685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4159 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-44733 page",
"url": "https://www.suse.com/security/cve/CVE-2021-44733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45095 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0286 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0330 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0435 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22942 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22942/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2022-02-10T16:01:36Z",
"generator": {
"date": "2022-02-10T16:01:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0363-1",
"initial_release_date": "2022-02-10T16:01:36Z",
"revision_history": [
{
"date": "2022-02-10T16:01:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"product": {
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"product_id": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"product": {
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"product_id": "kernel-source-azure-5.3.18-150300.38.40.4.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"product_id": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"product": {
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"product_id": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product": {
"name": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"product_id": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch"
},
"product_reference": "kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-5.3.18-150300.38.40.4.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch"
},
"product_reference": "kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64"
},
"product_reference": "kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
},
"product_reference": "reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28097",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28097"
}
],
"notes": [
{
"category": "general",
"text": "The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28097",
"url": "https://www.suse.com/security/cve/CVE-2020-28097"
},
{
"category": "external",
"summary": "SUSE Bug 1187723 for CVE-2020-28097",
"url": "https://bugzilla.suse.com/1187723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2020-28097"
},
{
"cve": "CVE-2021-22600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22600"
}
],
"notes": [
{
"category": "general",
"text": "A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22600",
"url": "https://www.suse.com/security/cve/CVE-2021-22600"
},
{
"category": "external",
"summary": "SUSE Bug 1195184 for CVE-2021-22600",
"url": "https://bugzilla.suse.com/1195184"
},
{
"category": "external",
"summary": "SUSE Bug 1195307 for CVE-2021-22600",
"url": "https://bugzilla.suse.com/1195307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "important"
}
],
"title": "CVE-2021-22600"
},
{
"cve": "CVE-2021-39648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39648"
}
],
"notes": [
{
"category": "general",
"text": "In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39648",
"url": "https://www.suse.com/security/cve/CVE-2021-39648"
},
{
"category": "external",
"summary": "SUSE Bug 1193861 for CVE-2021-39648",
"url": "https://bugzilla.suse.com/1193861"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-39648"
},
{
"cve": "CVE-2021-39657",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39657"
}
],
"notes": [
{
"category": "general",
"text": "In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39657",
"url": "https://www.suse.com/security/cve/CVE-2021-39657"
},
{
"category": "external",
"summary": "SUSE Bug 1193864 for CVE-2021-39657",
"url": "https://bugzilla.suse.com/1193864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "low"
}
],
"title": "CVE-2021-39657"
},
{
"cve": "CVE-2021-39685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-39685"
}
],
"notes": [
{
"category": "general",
"text": "In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-39685",
"url": "https://www.suse.com/security/cve/CVE-2021-39685"
},
{
"category": "external",
"summary": "SUSE Bug 1193802 for CVE-2021-39685",
"url": "https://bugzilla.suse.com/1193802"
},
{
"category": "external",
"summary": "SUSE Bug 1194459 for CVE-2021-39685",
"url": "https://bugzilla.suse.com/1194459"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "important"
}
],
"title": "CVE-2021-39685"
},
{
"cve": "CVE-2021-4159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4159"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4159",
"url": "https://www.suse.com/security/cve/CVE-2021-4159"
},
{
"category": "external",
"summary": "SUSE Bug 1194227 for CVE-2021-4159",
"url": "https://bugzilla.suse.com/1194227"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-4159"
},
{
"cve": "CVE-2021-44733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-44733"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-44733",
"url": "https://www.suse.com/security/cve/CVE-2021-44733"
},
{
"category": "external",
"summary": "SUSE Bug 1193767 for CVE-2021-44733",
"url": "https://bugzilla.suse.com/1193767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-44733"
},
{
"cve": "CVE-2021-45095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45095"
}
],
"notes": [
{
"category": "general",
"text": "pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45095",
"url": "https://www.suse.com/security/cve/CVE-2021-45095"
},
{
"category": "external",
"summary": "SUSE Bug 1193867 for CVE-2021-45095",
"url": "https://bugzilla.suse.com/1193867"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2021-45095"
},
{
"cve": "CVE-2022-0286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0286"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0286",
"url": "https://www.suse.com/security/cve/CVE-2022-0286"
},
{
"category": "external",
"summary": "SUSE Bug 1195371 for CVE-2022-0286",
"url": "https://bugzilla.suse.com/1195371"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "moderate"
}
],
"title": "CVE-2022-0286"
},
{
"cve": "CVE-2022-0330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0330"
}
],
"notes": [
{
"category": "general",
"text": "A random memory access flaw was found in the Linux kernel\u0027s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0330",
"url": "https://www.suse.com/security/cve/CVE-2022-0330"
},
{
"category": "external",
"summary": "SUSE Bug 1194880 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1194880"
},
{
"category": "external",
"summary": "SUSE Bug 1195950 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1195950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "important"
}
],
"title": "CVE-2022-0330"
},
{
"cve": "CVE-2022-0435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0435"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow flaw was found in the Linux kernel\u0027s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0435",
"url": "https://www.suse.com/security/cve/CVE-2022-0435"
},
{
"category": "external",
"summary": "SUSE Bug 1195254 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1195254"
},
{
"category": "external",
"summary": "SUSE Bug 1195308 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1195308"
},
{
"category": "external",
"summary": "SUSE Bug 1226672 for CVE-2022-0435",
"url": "https://bugzilla.suse.com/1226672"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "important"
}
],
"title": "CVE-2022-0435"
},
{
"cve": "CVE-2022-22942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22942"
}
],
"notes": [
{
"category": "general",
"text": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22942",
"url": "https://www.suse.com/security/cve/CVE-2022-22942"
},
{
"category": "external",
"summary": "SUSE Bug 1195065 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "external",
"summary": "SUSE Bug 1195951 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:cluster-md-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:dlm-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:gfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-extra-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-livepatch-devel-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-azure-optional-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:kernel-devel-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-source-azure-5.3.18-150300.38.40.4.noarch",
"openSUSE Leap 15.3:kernel-syms-azure-5.3.18-150300.38.40.1.x86_64",
"openSUSE Leap 15.3:kselftests-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:ocfs2-kmp-azure-5.3.18-150300.38.40.4.x86_64",
"openSUSE Leap 15.3:reiserfs-kmp-azure-5.3.18-150300.38.40.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-02-10T16:01:36Z",
"details": "important"
}
],
"title": "CVE-2022-22942"
}
]
}
gsd-2021-4159
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-4159",
"description": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.",
"id": "GSD-2021-4159",
"references": [
"https://www.suse.com/security/cve/CVE-2021-4159.html",
"https://alas.aws.amazon.com/cve/html/CVE-2021-4159.html",
"https://ubuntu.com/security/CVE-2021-4159"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-4159"
],
"details": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.",
"id": "GSD-2021-4159",
"modified": "2023-12-13T01:23:11.785448Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Fixed in v5.7-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-202",
"lang": "eng",
"value": "CWE-202 - Exposure of Sensitive Information Through Data Queries"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-4159",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2021-4159",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-4159"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/security/cve/CVE-2021-4159",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024",
"refsource": "MISC",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2021-4159",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-06T15:30Z",
"publishedDate": "2022-08-24T16:15Z"
}
}
}
fkie_cve-2021-4159
Vulnerability from fkie_nvd
Published
2022-08-24 16:15
Modified
2024-11-21 06:37
Severity ?
Summary
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2021-4159 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2036024 | Issue Tracking | |
| secalert@redhat.com | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd | Mailing List, Patch, Vendor Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2021-4159 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2021-4159 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2036024 | Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2021-4159 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| redhat | enterprise_linux | 8.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3821E00-CCBB-4CD4-AD2C-D47DFF2F5A34",
"versionEndExcluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the Linux kernel\u0027s EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en el verificador EBPF del kernel de Linux cuando son manejadas estructuras de datos internas. Las ubicaciones de memoria interna pod\u00edan ser devueltas al espacio de usuario. Un atacante local con permisos para insertar c\u00f3digo eBPF en el kernel puede usar esto para filtrar detalles de la memoria interna del kernel derrotando algunas de las mitigaciones de explotaci\u00f3n en el lugar para el kernel."
}
],
"id": "CVE-2021-4159",
"lastModified": "2024-11-21T06:37:02.127",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-24T16:15:09.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4159"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-202"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…