Vulnerability-Lookup

CVE-2022-42719 (GCVE-0-2022-42719)

Vulnerability from cvelistv5 – Published: 2022-10-13 00:00 – Updated: 2025-05-15 20:48

Summary

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

11 references

URL	Tags
https://bugzilla.suse.com/show_bug.cgi?id=1204051
http://www.openwall.com/lists/oss-security/2022/10/13/2
http://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/w…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://www.debian.org/security/2022/dsa-5257	vendor-advisory
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.netapp.com/advisory/ntap-2023020…
http://packetstormsecurity.com/files/171005/Kerne…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:10:41.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
          },
          {
            "name": "FEDORA-2022-2cfbe17910",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
          },
          {
            "name": "FEDORA-2022-b948fc3cfb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
          },
          {
            "name": "FEDORA-2022-1a5b125ac6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
          },
          {
            "name": "DSA-5257",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-42719",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-15T20:47:37.163910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T20:48:06.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-15T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
        },
        {
          "name": "FEDORA-2022-2cfbe17910",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
        },
        {
          "name": "FEDORA-2022-b948fc3cfb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
        },
        {
          "name": "FEDORA-2022-1a5b125ac6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
        },
        {
          "name": "DSA-5257",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5257"
        },
        {
          "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
        },
        {
          "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42719",
    "datePublished": "2022-10-13T00:00:00.000Z",
    "dateReserved": "2022-10-10T00:00:00.000Z",
    "dateUpdated": "2025-05-15T20:48:06.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-42719",
      "date": "2026-05-29",
      "epss": "0.00627",
      "percentile": "0.70554"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42719\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-13T23:15:11.597\",\"lastModified\":\"2025-05-15T21:15:48.797\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\"},{\"lang\":\"es\",\"value\":\"Un uso de memoria previamente liberada en la pila mac80211 cuando ea analizado un elemento multi-BSSID en el kernel de Linux versiones 5.2 hasta 5.19.14, podr\u00eda ser usado por atacantes (capaces de inyectar tramas WLAN) para bloquear el kernel y potencialmente ejecutar c\u00f3digo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.4.219\",\"matchCriteriaId\":\"123CF347-5C50-470C-9502-55A37F29B8FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.149\",\"matchCriteriaId\":\"DBDEE63F-4CF2-4F04-8E50-6CEF0E4BCF78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.74\",\"matchCriteriaId\":\"381A1822-66FA-4BF1-BCA9-7AF2DFCFFBE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.19.16\",\"matchCriteriaId\":\"950EB0FE-7220-47B0-A80D-CEFD803A69C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"6.0.2\",\"matchCriteriaId\":\"B0624AD1-5A88-463E-96D1-F938FCBA6EEA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1204051\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230203-0008/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5257\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/10/13/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=1204051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20230203-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1204051\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\", \"name\": \"FEDORA-2022-2cfbe17910\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\", \"name\": \"FEDORA-2022-b948fc3cfb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\", \"name\": \"FEDORA-2022-1a5b125ac6\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5257\", \"name\": \"DSA-5257\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230203-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:10:41.474Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-42719\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-15T20:47:37.163910Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-15T20:47:56.552Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=1204051\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/10/13/5\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/\", \"name\": \"FEDORA-2022-2cfbe17910\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/\", \"name\": \"FEDORA-2022-b948fc3cfb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/\", \"name\": \"FEDORA-2022-1a5b125ac6\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5257\", \"name\": \"DSA-5257\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html\", \"name\": \"[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230203-0008/\"}, {\"url\": \"http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-02-15T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-42719\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-15T20:48:06.121Z\", \"dateReserved\": \"2022-10-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-10-13T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0453

Vulnerability from certfr_avis - Published: 2023-06-13 - Updated: 2023-06-14

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINAMICS GL150 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.10
Siemens	N/A	SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	POWER METER SICAM Q200 family versions antérieures à 2.70
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions
Siemens	N/A	SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à 5.7
Siemens	N/A	SIMOTION C240 (6AU1240-1AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-1500 TM MFP - Linux Kernel
Siemens	N/A	SINAUT Software ST7sc toutes versions
Siemens	N/A	SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions
Siemens	N/A	Teamcenter Visualization versions 14.0.x antérieures à 14.0.0.6
Siemens	N/A	SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC NET PC Software V14 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.0 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC S7-1500 TM MFP - BIOS
Siemens	N/A	SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SINAMICS SL150 versions antérieures à 7.2
Siemens	N/A	SINAMICS PERFECT HARMONY GH180 6SR5 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.2.x antérieures à 13.2.0.13
Siemens	N/A	SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions
Siemens	N/A	SIMATIC WinCC versions antérieures à 8.0
Siemens	N/A	Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.3
Siemens	N/A	les contrôlleurs Desigo PX, se référer au bulletin ssa-824231 de l'éditeur pour la liste complète des versions affectées
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-PM toutes versions
Siemens	N/A	Solid Edge SE2023 versions antérieures à 223.0 Update 5
Siemens	N/A	JT2Go versions antérieures à 14.1.0.4
Siemens	N/A	SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.8
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) versions 14 à 18
Siemens	N/A	SIMATIC PCS 7 toutes versions
Siemens	N/A	SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions antérieures à 5.5 SP1

References

Title

Publication Time

FKIE_CVE-2022-42719

Vulnerability from fkie_nvd - Published: 2022-10-13 23:15 - Updated: 2025-05-15 21:15

Severity

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2022/10/13/2	Mailing List, Patch, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2022/10/13/5	Exploit, Mailing List, Third Party Advisory
cve@mitre.org	https://bugzilla.suse.com/show_bug.cgi?id=1204051	Issue Tracking, Patch, Third Party Advisory
cve@mitre.org	https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6	Mailing List, Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
cve@mitre.org	https://security.netapp.com/advisory/ntap-20230203-0008/
cve@mitre.org	https://www.debian.org/security/2022/dsa-5257	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/10/13/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2022/10/13/5	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1204051	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6	Mailing List, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230203-0008/
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2022/dsa-5257	Third Party Advisory

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
linux	linux_kernel	*
fedoraproject	fedora	35
fedoraproject	fedora	36
fedoraproject	fedora	37
debian	debian_linux	10.0
debian	debian_linux	11.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "123CF347-5C50-470C-9502-55A37F29B8FE",
              "versionEndExcluding": "5.4.219",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBDEE63F-4CF2-4F04-8E50-6CEF0E4BCF78",
              "versionEndExcluding": "5.10.149",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "381A1822-66FA-4BF1-BCA9-7AF2DFCFFBE4",
              "versionEndExcluding": "5.15.74",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "950EB0FE-7220-47B0-A80D-CEFD803A69C2",
              "versionEndExcluding": "5.19.16",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0624AD1-5A88-463E-96D1-F938FCBA6EEA",
              "versionEndExcluding": "6.0.2",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
    },
    {
      "lang": "es",
      "value": "Un uso de memoria previamente liberada en la pila mac80211 cuando ea analizado un elemento multi-BSSID en el kernel de Linux versiones 5.2 hasta 5.19.14, podr\u00eda ser usado por atacantes (capaces de inyectar tramas WLAN) para bloquear el kernel y potencialmente ejecutar c\u00f3digo"
    }
  ],
  "id": "CVE-2022-42719",
  "lastModified": "2025-05-15T21:15:48.797",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-10-13T23:15:11.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5257"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-3HFV-3383-4HVP

Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2025-05-15 21:31

Details

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-42719"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-13T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
  "id": "GHSA-3hfv-3383-4hvp",
  "modified": "2025-05-15T21:31:14Z",
  "published": "2022-10-14T12:00:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42719"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0008"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5257"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-42719

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-42719

Aliases

CVE-2022-42719

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-42719",
    "description": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
    "id": "GSD-2022-42719",
    "references": [
      "https://security.archlinux.org/CVE-2022-42719",
      "https://advisories.mageia.org/CVE-2022-42719.html",
      "https://www.suse.com/security/cve/CVE-2022-42719.html",
      "https://ubuntu.com/security/CVE-2022-42719"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-42719"
      ],
      "details": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
      "id": "GSD-2022-42719",
      "modified": "2023-12-13T01:19:10.748868Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-42719",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204051",
            "refsource": "MISC",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2022/10/13/2",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
          },
          {
            "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6",
            "refsource": "MISC",
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
          },
          {
            "name": "FEDORA-2022-2cfbe17910",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
          },
          {
            "name": "FEDORA-2022-b948fc3cfb",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
          },
          {
            "name": "FEDORA-2022-1a5b125ac6",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
          },
          {
            "name": "DSA-5257",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2022/dsa-5257"
          },
          {
            "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230203-0008/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
          },
          {
            "name": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.2",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.219",
                "versionStartIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.10.149",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.15.74",
                "versionStartIncluding": "5.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.19.16",
                "versionStartIncluding": "5.16",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-42719"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1204051",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1204051"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2022/10/13/5",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/10/13/5"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2022/10/13/2",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/10/13/2"
            },
            {
              "name": "FEDORA-2022-2cfbe17910",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"
            },
            {
              "name": "FEDORA-2022-b948fc3cfb",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"
            },
            {
              "name": "FEDORA-2022-1a5b125ac6",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"
            },
            {
              "name": "DSA-5257",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5257"
            },
            {
              "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230203-0008/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230203-0008/"
            },
            {
              "name": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-15T20:15Z",
      "publishedDate": "2022-10-13T23:15Z"
    }
  }
}

ICSA-23-166-11

Vulnerability from csaf_cisa - Published: 2023-06-13 00:00 - Updated: 2024-04-09 00:00

Summary

Siemens SIMATIC S7-1500 TM MFP Linux Kernel

Notes

Summary: Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0. Siemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version. This advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 ( https://cert-portal.siemens.com/productcert/html/ssa-265688.html).

General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Terms of Use: Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Advisory Conversion Disclaimer: This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.

Critical infrastructure sectors: Multiple

Countries/areas deployed: Worldwide

Company headquarters location: Germany

Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

CVE-2020-12762

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-3759

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-4037

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-284 - Improper Access Control

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-33655

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-44879

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-0171

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1012

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1015

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1184

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1292

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1343

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1434

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1462

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1473

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1679

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1852

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1882

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2068

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2078

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2097

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-326 - Inadequate Encryption Strength

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2153

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2274

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2327

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-415 - Double Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2503

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-287 - Improper Authentication

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2586

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2588

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2602

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2663

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2905

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2959

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2978

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3028

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3104

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3115

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3169

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3303

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3521

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3524

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3534

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3545

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3564

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3586

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3594

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3606

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3621

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3625

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3628

6.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3629

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3633

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3635

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3646

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3649

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4095

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4129

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4139

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4269

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-833 - Deadlock

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4304

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

CWE-326 - Inadequate Encryption Strength

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4450

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-415 - Double Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4662

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-455 - Non-exit on Failed Initialization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20421

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20422

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20566

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20572

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-863 - Incorrect Authorization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21123

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21125

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21166

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21505

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-26373

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-32250

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-32296

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-203 - Observable Discrepancy

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-34918

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36123

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36280

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36879

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36946

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-39188

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-39190

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-40307

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-40768

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-668 - Exposure of Resource to Wrong Sphere

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41218

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41222

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41674

8.1 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41849

4.2 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41850

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42328

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42329

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42432

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-457 - Use of Uninitialized Variable

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42703

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42719

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42720

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42721

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42722

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42895

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-824 - Access of Uninitialized Pointer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42896

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-43750

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47518

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47520

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47929

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47946

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0215

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0286

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0464

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0465

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0466

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0590

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1077

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1095

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1206

5.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-2898

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3141

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3268

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3338

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3389

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3446

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3609

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3610

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3611

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3772

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3773

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3777

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4004

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4015

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4273

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4623

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4911

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4921

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5178

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5197

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5678

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5717

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6606

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6931

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6932

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-7008

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-300 - Channel Accessible by Non-Endpoint

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-7104

5.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23454

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23455

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23559

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-26607

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-31085

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-369 - Divide By Zero

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-31436

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-32233

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-35001

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-35827

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-36660

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-37453

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39189

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39192

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39193

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39194

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42753

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42754

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42755

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-45863

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-45871

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-50495

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51384

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51385

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51767

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0232

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0553

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-203 - Observable Discrepancy

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0567

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0584

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0684

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-22365

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-25062

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

References

12 references

URL	Category
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/resources-tools/resources/ic…	external
https://www.cisa.gov/topics/industrial-control-systems	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://www.cisa.gov/sites/default/files/publicat…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external

Acknowledgments

Siemens ProductCERT

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting these vulnerabilities to CISA."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.\n\nSiemens has released a new version for SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem and recommends to update to the latest version.\n\nThis advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-265688.html).",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Multiple",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-794697.json"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-794697.txt"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-166-11 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-166-11.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-23-166-11 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens SIMATIC S7-1500 TM MFP Linux Kernel",
    "tracking": {
      "current_release_date": "2024-04-09T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-23-166-11",
      "initial_release_date": "2023-06-13T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2023-06-13T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2023-07-11T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233"
        },
        {
          "date": "2023-08-08T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, \r\nCVE-2023-3609"
        },
        {
          "date": "2023-09-12T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added CVE-2023-3338"
        },
        {
          "date": "2023-11-14T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755"
        },
        {
          "date": "2023-12-12T00:00:00.000000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5678, CVE-2023-5717, CVE-2023-31085, CVE-2023-35827, CVE-2023-39189, CVE-2023-42754, CVE-2023-45863, CVE-2023-45871"
        },
        {
          "date": "2024-01-09T00:00:00.000000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added CVE-2023-48795"
        },
        {
          "date": "2024-02-13T00:00:00.000000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added CVE-2020-12762, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2023-7104, CVE-2023-36660, CVE-2023-50495, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-0232, CVE-2024-0553, CVE-2024-0567, CVE-2024-0584, CVE-2024-0684, CVE-2024-22365, CVE-2024-25062"
        },
        {
          "date": "2024-04-09T00:00:00.000000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added fix for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV1.1",
                "product": {
                  "name": "SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12762",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2020-12762"
    },
    {
      "cve": "CVE-2021-3759",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory overflow vulnerability was found in the Linux kernel\u2019s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2021-3759"
    },
    {
      "cve": "CVE-2021-4037",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2021-4037"
    },
    {
      "cve": "CVE-2021-33655",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2021-33655"
    },
    {
      "cve": "CVE-2021-44879",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2021-44879"
    },
    {
      "cve": "CVE-2022-0171",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-0171"
    },
    {
      "cve": "CVE-2022-1012",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1012"
    },
    {
      "cve": "CVE-2022-1015",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1015"
    },
    {
      "cve": "CVE-2022-1184",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1184"
    },
    {
      "cve": "CVE-2022-1292",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2022-1343",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1343"
    },
    {
      "cve": "CVE-2022-1434",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1434"
    },
    {
      "cve": "CVE-2022-1462",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1462"
    },
    {
      "cve": "CVE-2022-1473",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1473"
    },
    {
      "cve": "CVE-2022-1679",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1679"
    },
    {
      "cve": "CVE-2022-1852",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1852"
    },
    {
      "cve": "CVE-2022-1882",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-1882"
    },
    {
      "cve": "CVE-2022-2068",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2078",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in the Linux kernel\u0027s nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2078"
    },
    {
      "cve": "CVE-2022-2097",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2097"
    },
    {
      "cve": "CVE-2022-2153",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u2019s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2153"
    },
    {
      "cve": "CVE-2022-2274",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2274"
    },
    {
      "cve": "CVE-2022-2327",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2327"
    },
    {
      "cve": "CVE-2022-2503",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2503"
    },
    {
      "cve": "CVE-2022-2586",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2586"
    },
    {
      "cve": "CVE-2022-2588",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2588"
    },
    {
      "cve": "CVE-2022-2602",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2602"
    },
    {
      "cve": "CVE-2022-2663",
      "cwe": {
        "id": "CWE-923",
        "name": "Improper Restriction of Communication Channel to Intended Endpoints"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2663"
    },
    {
      "cve": "CVE-2022-2905",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds memory read flaw was found in the Linux kernel\u0027s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2905"
    },
    {
      "cve": "CVE-2022-2959",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2959"
    },
    {
      "cve": "CVE-2022-2978",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-2978"
    },
    {
      "cve": "CVE-2022-3028",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3028"
    },
    {
      "cve": "CVE-2022-3104",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3104"
    },
    {
      "cve": "CVE-2022-3115",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3115"
    },
    {
      "cve": "CVE-2022-3169",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3169"
    },
    {
      "cve": "CVE-2022-3303",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3303"
    },
    {
      "cve": "CVE-2022-3521",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3521"
    },
    {
      "cve": "CVE-2022-3524",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3524"
    },
    {
      "cve": "CVE-2022-3534",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3534"
    },
    {
      "cve": "CVE-2022-3545",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3545"
    },
    {
      "cve": "CVE-2022-3564",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-3565",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3565"
    },
    {
      "cve": "CVE-2022-3586",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3586"
    },
    {
      "cve": "CVE-2022-3594",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3594"
    },
    {
      "cve": "CVE-2022-3606",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3606"
    },
    {
      "cve": "CVE-2022-3621",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3621"
    },
    {
      "cve": "CVE-2022-3625",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3625"
    },
    {
      "cve": "CVE-2022-3628",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3628"
    },
    {
      "cve": "CVE-2022-3629",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3629"
    },
    {
      "cve": "CVE-2022-3633",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3633"
    },
    {
      "cve": "CVE-2022-3635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3635"
    },
    {
      "cve": "CVE-2022-3646",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3646"
    },
    {
      "cve": "CVE-2022-3649",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-3649"
    },
    {
      "cve": "CVE-2022-4095",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4095"
    },
    {
      "cve": "CVE-2022-4129",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4129"
    },
    {
      "cve": "CVE-2022-4139",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4139"
    },
    {
      "cve": "CVE-2022-4269",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4269"
    },
    {
      "cve": "CVE-2022-4304",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-4450",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4450"
    },
    {
      "cve": "CVE-2022-4662",
      "cwe": {
        "id": "CWE-455",
        "name": "Non-exit on Failed Initialization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-4662"
    },
    {
      "cve": "CVE-2022-20421",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-20421"
    },
    {
      "cve": "CVE-2022-20422",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-20422"
    },
    {
      "cve": "CVE-2022-20566",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-20566"
    },
    {
      "cve": "CVE-2022-20572",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-20572"
    },
    {
      "cve": "CVE-2022-21123",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-21123"
    },
    {
      "cve": "CVE-2022-21125",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-21125"
    },
    {
      "cve": "CVE-2022-21166",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-21166"
    },
    {
      "cve": "CVE-2022-21505",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-21505"
    },
    {
      "cve": "CVE-2022-26373",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-26373"
    },
    {
      "cve": "CVE-2022-32250",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-32250"
    },
    {
      "cve": "CVE-2022-32296",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-32296"
    },
    {
      "cve": "CVE-2022-34918",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-34918"
    },
    {
      "cve": "CVE-2022-36123",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-36123"
    },
    {
      "cve": "CVE-2022-36280",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-36280"
    },
    {
      "cve": "CVE-2022-36879",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-36879"
    },
    {
      "cve": "CVE-2022-36946",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-\u003elen.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-36946"
    },
    {
      "cve": "CVE-2022-39188",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-39188"
    },
    {
      "cve": "CVE-2022-39190",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-39190"
    },
    {
      "cve": "CVE-2022-40307",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-40307"
    },
    {
      "cve": "CVE-2022-40768",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-40768"
    },
    {
      "cve": "CVE-2022-41218",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-41218"
    },
    {
      "cve": "CVE-2022-41222",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-41222"
    },
    {
      "cve": "CVE-2022-41674",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-41674"
    },
    {
      "cve": "CVE-2022-41849",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-41849"
    },
    {
      "cve": "CVE-2022-41850",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-\u003evalue is in progress.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-41850"
    },
    {
      "cve": "CVE-2022-42328",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42328"
    },
    {
      "cve": "CVE-2022-42329",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Guests can trigger deadlock in Linux netback drive. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42329"
    },
    {
      "cve": "CVE-2022-42432",
      "cwe": {
        "id": "CWE-457",
        "name": "Use of Uninitialized Variable"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42432"
    },
    {
      "cve": "CVE-2022-42703",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42703"
    },
    {
      "cve": "CVE-2022-42719",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42719"
    },
    {
      "cve": "CVE-2022-42720",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42720"
    },
    {
      "cve": "CVE-2022-42721",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42721"
    },
    {
      "cve": "CVE-2022-42722",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42722"
    },
    {
      "cve": "CVE-2022-42895",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42895"
    },
    {
      "cve": "CVE-2022-42896",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-42896"
    },
    {
      "cve": "CVE-2022-43750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-43750"
    },
    {
      "cve": "CVE-2022-47518",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-47518"
    },
    {
      "cve": "CVE-2022-47520",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-47520"
    },
    {
      "cve": "CVE-2022-47929",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-47929"
    },
    {
      "cve": "CVE-2022-47946",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2022-47946"
    },
    {
      "cve": "CVE-2023-0215",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0464",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0464"
    },
    {
      "cve": "CVE-2023-0465",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2023-0466",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0590",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-0590"
    },
    {
      "cve": "CVE-2023-1077",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-1077"
    },
    {
      "cve": "CVE-2023-1095",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-1095"
    },
    {
      "cve": "CVE-2023-1206",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-1206"
    },
    {
      "cve": "CVE-2023-2898",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-2898"
    },
    {
      "cve": "CVE-2023-3141",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3141"
    },
    {
      "cve": "CVE-2023-3268",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3268"
    },
    {
      "cve": "CVE-2023-3338",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A null pointer dereference flaw was found in the Linux kernel\u0027s DECnet networking protocol. This issue could allow a remote user to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3338"
    },
    {
      "cve": "CVE-2023-3389",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\r\n\r\nWe recommend upgrading past commit `ef7dfac51d8ed961b742218f526bd589f3900a59`  \r\n(`4716c73b188566865bdd79c3a6709696a224ac04` for 5.10 stable and   \r\n`0e388fce7aec40992eadee654193cad345d62663` for 5.15 stable).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3389"
    },
    {
      "cve": "CVE-2023-3446",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-3609",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3609"
    },
    {
      "cve": "CVE-2023-3610",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3610"
    },
    {
      "cve": "CVE-2023-3611",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3611"
    },
    {
      "cve": "CVE-2023-3772",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3772"
    },
    {
      "cve": "CVE-2023-3773",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3773"
    },
    {
      "cve": "CVE-2023-3777",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain\u0027s owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-3777"
    },
    {
      "cve": "CVE-2023-4004",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u0027s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4004"
    },
    {
      "cve": "CVE-2023-4015",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4015"
    },
    {
      "cve": "CVE-2023-4273",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this vulnerability to overflow the kernel stack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4273"
    },
    {
      "cve": "CVE-2023-4623",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4623"
    },
    {
      "cve": "CVE-2023-4911",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4911"
    },
    {
      "cve": "CVE-2023-4921",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-4921"
    },
    {
      "cve": "CVE-2023-5178",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-5178"
    },
    {
      "cve": "CVE-2023-5197",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-5197"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5717",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-5717"
    },
    {
      "cve": "CVE-2023-6606",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-6606"
    },
    {
      "cve": "CVE-2023-6931",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-6931"
    },
    {
      "cve": "CVE-2023-6932",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-6932"
    },
    {
      "cve": "CVE-2023-7008",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-7008"
    },
    {
      "cve": "CVE-2023-7104",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2023-23454",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-23454"
    },
    {
      "cve": "CVE-2023-23455",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-23455"
    },
    {
      "cve": "CVE-2023-23559",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-23559"
    },
    {
      "cve": "CVE-2023-26607",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-26607"
    },
    {
      "cve": "CVE-2023-31085",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-31085"
    },
    {
      "cve": "CVE-2023-31436",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-31436"
    },
    {
      "cve": "CVE-2023-32233",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-32233"
    },
    {
      "cve": "CVE-2023-35001",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-35001"
    },
    {
      "cve": "CVE-2023-35827",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-35827"
    },
    {
      "cve": "CVE-2023-36660",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-36660"
    },
    {
      "cve": "CVE-2023-37453",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-37453"
    },
    {
      "cve": "CVE-2023-39189",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-39189"
    },
    {
      "cve": "CVE-2023-39192",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-39192"
    },
    {
      "cve": "CVE-2023-39193",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-39193"
    },
    {
      "cve": "CVE-2023-39194",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-39194"
    },
    {
      "cve": "CVE-2023-42753",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-42753"
    },
    {
      "cve": "CVE-2023-42754",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-42754"
    },
    {
      "cve": "CVE-2023-42755",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-42755"
    },
    {
      "cve": "CVE-2023-45863",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-45863"
    },
    {
      "cve": "CVE-2023-45871",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-45871"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-50495",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-50495"
    },
    {
      "cve": "CVE-2023-51384",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-51384"
    },
    {
      "cve": "CVE-2023-51385",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-51385"
    },
    {
      "cve": "CVE-2023-51767",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2023-51767"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0553",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-0553"
    },
    {
      "cve": "CVE-2024-0567",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-0567"
    },
    {
      "cve": "CVE-2024-0584",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-0584"
    },
    {
      "cve": "CVE-2024-0684",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-0684"
    },
    {
      "cve": "CVE-2024-22365",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-22365"
    },
    {
      "cve": "CVE-2024-25062",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2024-25062"
    }
  ]
}

MSRC_CVE-2022-42719

Vulnerability from csaf_microsoft - Published: 2022-10-02 00:00 - Updated: 2022-10-19 00:00

Summary

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2022-42719

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 18582-16820		—
Unresolved product id: 18588-17086		—

Known affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 16820-2		—	Vendor Fix fix
Unresolved product id: 17086-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2022/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2022/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2022-42719 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-42719.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
    "tracking": {
      "current_release_date": "2022-10-19T00:00:00.000Z",
      "generator": {
        "date": "2025-12-27T17:27:57.936Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2022-42719",
      "initial_release_date": "2022-10-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-10-19T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 kernel 5.10.149.1-1",
                "product": {
                  "name": "\u003ccm1 kernel 5.10.149.1-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 kernel 5.10.149.1-1",
                "product": {
                  "name": "cm1 kernel 5.10.149.1-1",
                  "product_id": "18582"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 kernel 5.15.74.1-3",
                "product": {
                  "name": "\u003ccbl2 kernel 5.15.74.1-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 kernel 5.15.74.1-3",
                "product": {
                  "name": "cbl2 kernel 5.15.74.1-3",
                  "product_id": "18588"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 kernel 5.10.149.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16820-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 kernel 5.10.149.1-1 as a component of CBL Mariner 1.0",
          "product_id": "18582-16820"
        },
        "product_reference": "18582",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 kernel 5.15.74.1-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.15.74.1-3 as a component of CBL Mariner 2.0",
          "product_id": "18588-17086"
        },
        "product_reference": "18588",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-42719",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18582-16820",
          "18588-17086"
        ],
        "known_affected": [
          "16820-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-42719 A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-42719.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-10-19T00:00:00.000Z",
          "details": "5.10.149.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2022-10-19T00:00:00.000Z",
          "details": "5.15.74.1-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-2",
            "17086-1"
          ]
        }
      ],
      "title": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
    }
  ]
}

OPENSUSE-SU-2024:12437-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

kernel-devel-6.0.3-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: kernel-devel-6.0.3-1.1 on GA media

Description of the patch: These are all security issues fixed in the kernel-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-12437

CVE-2022-41674

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42719

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42720

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42721

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42722

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 16 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

27 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2022-41674/	self
https://www.suse.com/security/cve/CVE-2022-42719/	self
https://www.suse.com/security/cve/CVE-2022-42720/	self
https://www.suse.com/security/cve/CVE-2022-42721/	self
https://www.suse.com/security/cve/CVE-2022-42722/	self
https://www.suse.com/security/cve/CVE-2022-41674	external
https://bugzilla.suse.com/1203770	external
https://bugzilla.suse.com/1203994	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42719	external
https://bugzilla.suse.com/1204051	external
https://bugzilla.suse.com/1204292	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42720	external
https://bugzilla.suse.com/1204059	external
https://bugzilla.suse.com/1204291	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42721	external
https://bugzilla.suse.com/1204060	external
https://bugzilla.suse.com/1204290	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42722	external
https://bugzilla.suse.com/1204125	external
https://bugzilla.suse.com/1204289	external
https://bugzilla.suse.com/1209225	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "kernel-devel-6.0.3-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the kernel-devel-6.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12437",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12437-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41674 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41674/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42719 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42720 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42721 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42721/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42722 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42722/"
      }
    ],
    "title": "kernel-devel-6.0.3-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12437-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.0.3-1.1.aarch64",
                "product": {
                  "name": "kernel-devel-6.0.3-1.1.aarch64",
                  "product_id": "kernel-devel-6.0.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.0.3-1.1.aarch64",
                "product": {
                  "name": "kernel-macros-6.0.3-1.1.aarch64",
                  "product_id": "kernel-macros-6.0.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.0.3-1.1.aarch64",
                "product": {
                  "name": "kernel-source-6.0.3-1.1.aarch64",
                  "product_id": "kernel-source-6.0.3-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.0.3-1.1.aarch64",
                "product": {
                  "name": "kernel-source-vanilla-6.0.3-1.1.aarch64",
                  "product_id": "kernel-source-vanilla-6.0.3-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.0.3-1.1.ppc64le",
                "product": {
                  "name": "kernel-devel-6.0.3-1.1.ppc64le",
                  "product_id": "kernel-devel-6.0.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.0.3-1.1.ppc64le",
                "product": {
                  "name": "kernel-macros-6.0.3-1.1.ppc64le",
                  "product_id": "kernel-macros-6.0.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.0.3-1.1.ppc64le",
                "product": {
                  "name": "kernel-source-6.0.3-1.1.ppc64le",
                  "product_id": "kernel-source-6.0.3-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.0.3-1.1.ppc64le",
                "product": {
                  "name": "kernel-source-vanilla-6.0.3-1.1.ppc64le",
                  "product_id": "kernel-source-vanilla-6.0.3-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.0.3-1.1.s390x",
                "product": {
                  "name": "kernel-devel-6.0.3-1.1.s390x",
                  "product_id": "kernel-devel-6.0.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.0.3-1.1.s390x",
                "product": {
                  "name": "kernel-macros-6.0.3-1.1.s390x",
                  "product_id": "kernel-macros-6.0.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.0.3-1.1.s390x",
                "product": {
                  "name": "kernel-source-6.0.3-1.1.s390x",
                  "product_id": "kernel-source-6.0.3-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.0.3-1.1.s390x",
                "product": {
                  "name": "kernel-source-vanilla-6.0.3-1.1.s390x",
                  "product_id": "kernel-source-vanilla-6.0.3-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-6.0.3-1.1.x86_64",
                "product": {
                  "name": "kernel-devel-6.0.3-1.1.x86_64",
                  "product_id": "kernel-devel-6.0.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-macros-6.0.3-1.1.x86_64",
                "product": {
                  "name": "kernel-macros-6.0.3-1.1.x86_64",
                  "product_id": "kernel-macros-6.0.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-6.0.3-1.1.x86_64",
                "product": {
                  "name": "kernel-source-6.0.3-1.1.x86_64",
                  "product_id": "kernel-source-6.0.3-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-vanilla-6.0.3-1.1.x86_64",
                "product": {
                  "name": "kernel-source-vanilla-6.0.3-1.1.x86_64",
                  "product_id": "kernel-source-vanilla-6.0.3-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64"
        },
        "product_reference": "kernel-devel-6.0.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le"
        },
        "product_reference": "kernel-devel-6.0.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.0.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x"
        },
        "product_reference": "kernel-devel-6.0.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-6.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64"
        },
        "product_reference": "kernel-devel-6.0.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64"
        },
        "product_reference": "kernel-macros-6.0.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le"
        },
        "product_reference": "kernel-macros-6.0.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.0.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x"
        },
        "product_reference": "kernel-macros-6.0.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-macros-6.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64"
        },
        "product_reference": "kernel-macros-6.0.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64"
        },
        "product_reference": "kernel-source-6.0.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le"
        },
        "product_reference": "kernel-source-6.0.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.0.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x"
        },
        "product_reference": "kernel-source-6.0.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-6.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64"
        },
        "product_reference": "kernel-source-6.0.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64"
        },
        "product_reference": "kernel-source-vanilla-6.0.3-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le"
        },
        "product_reference": "kernel-source-vanilla-6.0.3-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.0.3-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x"
        },
        "product_reference": "kernel-source-vanilla-6.0.3-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-vanilla-6.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        },
        "product_reference": "kernel-source-vanilla-6.0.3-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41674",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41674"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41674",
          "url": "https://www.suse.com/security/cve/CVE-2022-41674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203770 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203994 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-41674"
    },
    {
      "cve": "CVE-2022-42719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42719",
          "url": "https://www.suse.com/security/cve/CVE-2022-42719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204051 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204292 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204292"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42719"
    },
    {
      "cve": "CVE-2022-42720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42720",
          "url": "https://www.suse.com/security/cve/CVE-2022-42720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204059 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204059"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204291 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204291"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42720"
    },
    {
      "cve": "CVE-2022-42721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42721",
          "url": "https://www.suse.com/security/cve/CVE-2022-42721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204060 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204060"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204290 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42721"
    },
    {
      "cve": "CVE-2022-42722",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42722"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42722",
          "url": "https://www.suse.com/security/cve/CVE-2022-42722"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204125 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1204125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204289 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1204289"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-macros-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-6.0.3-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-vanilla-6.0.3-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42722"
    }
  ]
}

OPENSUSE-SU-2024:13704-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

kernel-devel-longterm-6.6.17-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: kernel-devel-longterm-6.6.17-1.1 on GA media

Description of the patch: These are all security issues fixed in the kernel-devel-longterm-6.6.17-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13704

CVE-2016-3695

2.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2017-1000251

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-12153

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2017-13080

8.1 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-14051

6.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-15129

6.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-15265

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16536

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16537

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16645

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16646

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16647

4.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16648

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16995

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-16996

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17448

5.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17449

4.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17450

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17852

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17853

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17854

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17855

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17856

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17857

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17862

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-5123

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-5715

7.1 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-5753

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-5754

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7541

6.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7542

6.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-8824

8.4 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8831

6.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1000004

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-10322

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-10323

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-1068

8.4 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-1118

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-12232

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-12714

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-13053

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-18710

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-19824

6.6 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-5332

3.6 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-5333

2.9 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-8043

0 (None)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-8087

5.5 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-8822

6.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-10207

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-11477

8.2 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-11478

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-11479

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-14615

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-14814

7.5 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-14896

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-15030

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-15031

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-15098

5.2 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-15099

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-15290

5.2 (Medium)


                        
                          CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-15504

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2019-15902

6.2 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-16231

4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-16232

4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-16234

4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-17133

8.8 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-17666

5.4 (Medium)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-18808

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-18812

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-18813

4.3 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-19252

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-19332

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-19338

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-3016

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-3846

7.5 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-3882

4.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-3887

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-6974

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7221

7.5 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-7222

2.8 (Low)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2019-8564

4.2 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-8912

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-9500

5 (Medium)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-10135

5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-10766

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-10767

5.9 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-10768

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-12351

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-12352

3.1 (Low)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-14331

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-14386

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-24586

4.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-24587

4.2 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-24588

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25639

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25656

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-25668

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-26141

4.2 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-2732

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-29660

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-29661

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-8648

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-8694

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-23133

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-26708

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-28971

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-32606

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-33909

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3483

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3489

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3490

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3491

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3542

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3640

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3653

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3656

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3744

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3753

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-37576

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2021-3759

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-38166

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-43976

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-0185

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-0330

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-0847

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-0886

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-1462

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-1516

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-1679

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-1729

8.2 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-1852

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-1966

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-1972

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-1973

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-22942

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-2308

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-24958

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-2588

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-2590

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-26490

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-28388

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-28389

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-28390

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-28893

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-29900

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-29901

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-29968

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2022-3424

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-34918

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-3628

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-3640

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-40982

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-41218

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-41674

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42719

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42720

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42721

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42722

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-4379

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-44032

4.3 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-44033

4.3 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-44034

6.4 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45884

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45885

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45886

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45887

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45888

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2022-45919

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-45934

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-0045

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-1076

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-1078

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-1192

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-1380

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-20569

5.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-20593

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-2124

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-31084

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-3141

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-3269

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-39192

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-39193

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-4128

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-4134

4.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-4194

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-42753

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-42754

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-42756

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-4623

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-46813

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-4881

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-5345

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-6606

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2023-6610

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

842 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2016-3695/	self
https://www.suse.com/security/cve/CVE-2017-1000251/	self
https://www.suse.com/security/cve/CVE-2017-12153/	self
https://www.suse.com/security/cve/CVE-2017-13080/	self
https://www.suse.com/security/cve/CVE-2017-14051/	self
https://www.suse.com/security/cve/CVE-2017-15129/	self
https://www.suse.com/security/cve/CVE-2017-15265/	self
https://www.suse.com/security/cve/CVE-2017-16536/	self
https://www.suse.com/security/cve/CVE-2017-16537/	self
https://www.suse.com/security/cve/CVE-2017-16645/	self
https://www.suse.com/security/cve/CVE-2017-16646/	self
https://www.suse.com/security/cve/CVE-2017-16647/	self
https://www.suse.com/security/cve/CVE-2017-16648/	self
https://www.suse.com/security/cve/CVE-2017-16995/	self
https://www.suse.com/security/cve/CVE-2017-16996/	self
https://www.suse.com/security/cve/CVE-2017-17448/	self
https://www.suse.com/security/cve/CVE-2017-17449/	self
https://www.suse.com/security/cve/CVE-2017-17450/	self
https://www.suse.com/security/cve/CVE-2017-17852/	self
https://www.suse.com/security/cve/CVE-2017-17853/	self
https://www.suse.com/security/cve/CVE-2017-17854/	self
https://www.suse.com/security/cve/CVE-2017-17855/	self
https://www.suse.com/security/cve/CVE-2017-17856/	self
https://www.suse.com/security/cve/CVE-2017-17857/	self
https://www.suse.com/security/cve/CVE-2017-17862/	self
https://www.suse.com/security/cve/CVE-2017-5123/	self
https://www.suse.com/security/cve/CVE-2017-5715/	self
https://www.suse.com/security/cve/CVE-2017-5753/	self
https://www.suse.com/security/cve/CVE-2017-5754/	self
https://www.suse.com/security/cve/CVE-2017-7541/	self
https://www.suse.com/security/cve/CVE-2017-7542/	self
https://www.suse.com/security/cve/CVE-2017-8824/	self
https://www.suse.com/security/cve/CVE-2017-8831/	self
https://www.suse.com/security/cve/CVE-2018-1000004/	self
https://www.suse.com/security/cve/CVE-2018-10322/	self
https://www.suse.com/security/cve/CVE-2018-10323/	self
https://www.suse.com/security/cve/CVE-2018-1068/	self
https://www.suse.com/security/cve/CVE-2018-1118/	self
https://www.suse.com/security/cve/CVE-2018-12232/	self
https://www.suse.com/security/cve/CVE-2018-12714/	self
https://www.suse.com/security/cve/CVE-2018-13053/	self
https://www.suse.com/security/cve/CVE-2018-18710/	self
https://www.suse.com/security/cve/CVE-2018-19824/	self
https://www.suse.com/security/cve/CVE-2018-5332/	self
https://www.suse.com/security/cve/CVE-2018-5333/	self
https://www.suse.com/security/cve/CVE-2018-8043/	self
https://www.suse.com/security/cve/CVE-2018-8087/	self
https://www.suse.com/security/cve/CVE-2018-8822/	self
https://www.suse.com/security/cve/CVE-2019-10207/	self
https://www.suse.com/security/cve/CVE-2019-11477/	self
https://www.suse.com/security/cve/CVE-2019-11478/	self
https://www.suse.com/security/cve/CVE-2019-11479/	self
https://www.suse.com/security/cve/CVE-2019-14615/	self
https://www.suse.com/security/cve/CVE-2019-14814/	self
https://www.suse.com/security/cve/CVE-2019-14896/	self
https://www.suse.com/security/cve/CVE-2019-15030/	self
https://www.suse.com/security/cve/CVE-2019-15031/	self
https://www.suse.com/security/cve/CVE-2019-15098/	self
https://www.suse.com/security/cve/CVE-2019-15099/	self
https://www.suse.com/security/cve/CVE-2019-15290/	self
https://www.suse.com/security/cve/CVE-2019-15504/	self
https://www.suse.com/security/cve/CVE-2019-15902/	self
https://www.suse.com/security/cve/CVE-2019-16231/	self
https://www.suse.com/security/cve/CVE-2019-16232/	self
https://www.suse.com/security/cve/CVE-2019-16234/	self
https://www.suse.com/security/cve/CVE-2019-17133/	self
https://www.suse.com/security/cve/CVE-2019-17666/	self
https://www.suse.com/security/cve/CVE-2019-18808/	self
https://www.suse.com/security/cve/CVE-2019-18812/	self
https://www.suse.com/security/cve/CVE-2019-18813/	self
https://www.suse.com/security/cve/CVE-2019-19252/	self
https://www.suse.com/security/cve/CVE-2019-19332/	self
https://www.suse.com/security/cve/CVE-2019-19338/	self
https://www.suse.com/security/cve/CVE-2019-3016/	self
https://www.suse.com/security/cve/CVE-2019-3846/	self
https://www.suse.com/security/cve/CVE-2019-3882/	self
https://www.suse.com/security/cve/CVE-2019-3887/	self
https://www.suse.com/security/cve/CVE-2019-6974/	self
https://www.suse.com/security/cve/CVE-2019-7221/	self
https://www.suse.com/security/cve/CVE-2019-7222/	self
https://www.suse.com/security/cve/CVE-2019-8564/	self
https://www.suse.com/security/cve/CVE-2019-8912/	self
https://www.suse.com/security/cve/CVE-2019-9500/	self
https://www.suse.com/security/cve/CVE-2020-10135/	self
https://www.suse.com/security/cve/CVE-2020-10766/	self
https://www.suse.com/security/cve/CVE-2020-10767/	self
https://www.suse.com/security/cve/CVE-2020-10768/	self
https://www.suse.com/security/cve/CVE-2020-12351/	self
https://www.suse.com/security/cve/CVE-2020-12352/	self
https://www.suse.com/security/cve/CVE-2020-14331/	self
https://www.suse.com/security/cve/CVE-2020-14386/	self
https://www.suse.com/security/cve/CVE-2020-24586/	self
https://www.suse.com/security/cve/CVE-2020-24587/	self
https://www.suse.com/security/cve/CVE-2020-24588/	self
https://www.suse.com/security/cve/CVE-2020-25639/	self
https://www.suse.com/security/cve/CVE-2020-25656/	self
https://www.suse.com/security/cve/CVE-2020-25668/	self
https://www.suse.com/security/cve/CVE-2020-26141/	self
https://www.suse.com/security/cve/CVE-2020-2732/	self
https://www.suse.com/security/cve/CVE-2020-29660/	self
https://www.suse.com/security/cve/CVE-2020-29661/	self
https://www.suse.com/security/cve/CVE-2020-8648/	self
https://www.suse.com/security/cve/CVE-2020-8694/	self
https://www.suse.com/security/cve/CVE-2021-23133/	self
https://www.suse.com/security/cve/CVE-2021-26708/	self
https://www.suse.com/security/cve/CVE-2021-28971/	self
https://www.suse.com/security/cve/CVE-2021-32606/	self
https://www.suse.com/security/cve/CVE-2021-33909/	self
https://www.suse.com/security/cve/CVE-2021-3483/	self
https://www.suse.com/security/cve/CVE-2021-3489/	self
https://www.suse.com/security/cve/CVE-2021-3490/	self
https://www.suse.com/security/cve/CVE-2021-3491/	self
https://www.suse.com/security/cve/CVE-2021-3542/	self
https://www.suse.com/security/cve/CVE-2021-3640/	self
https://www.suse.com/security/cve/CVE-2021-3653/	self
https://www.suse.com/security/cve/CVE-2021-3656/	self
https://www.suse.com/security/cve/CVE-2021-3744/	self
https://www.suse.com/security/cve/CVE-2021-3753/	self
https://www.suse.com/security/cve/CVE-2021-37576/	self
https://www.suse.com/security/cve/CVE-2021-3759/	self
https://www.suse.com/security/cve/CVE-2021-38166/	self
https://www.suse.com/security/cve/CVE-2021-43976/	self
https://www.suse.com/security/cve/CVE-2022-0185/	self
https://www.suse.com/security/cve/CVE-2022-0330/	self
https://www.suse.com/security/cve/CVE-2022-0847/	self
https://www.suse.com/security/cve/CVE-2022-0886/	self
https://www.suse.com/security/cve/CVE-2022-1462/	self
https://www.suse.com/security/cve/CVE-2022-1516/	self
https://www.suse.com/security/cve/CVE-2022-1679/	self
https://www.suse.com/security/cve/CVE-2022-1729/	self
https://www.suse.com/security/cve/CVE-2022-1852/	self
https://www.suse.com/security/cve/CVE-2022-1966/	self
https://www.suse.com/security/cve/CVE-2022-1972/	self
https://www.suse.com/security/cve/CVE-2022-1973/	self
https://www.suse.com/security/cve/CVE-2022-22942/	self
https://www.suse.com/security/cve/CVE-2022-2308/	self
https://www.suse.com/security/cve/CVE-2022-24958/	self
https://www.suse.com/security/cve/CVE-2022-2588/	self
https://www.suse.com/security/cve/CVE-2022-2590/	self
https://www.suse.com/security/cve/CVE-2022-26490/	self
https://www.suse.com/security/cve/CVE-2022-28388/	self
https://www.suse.com/security/cve/CVE-2022-28389/	self
https://www.suse.com/security/cve/CVE-2022-28390/	self
https://www.suse.com/security/cve/CVE-2022-28893/	self
https://www.suse.com/security/cve/CVE-2022-29900/	self
https://www.suse.com/security/cve/CVE-2022-29901/	self
https://www.suse.com/security/cve/CVE-2022-29968/	self
https://www.suse.com/security/cve/CVE-2022-3424/	self
https://www.suse.com/security/cve/CVE-2022-34918/	self
https://www.suse.com/security/cve/CVE-2022-3628/	self
https://www.suse.com/security/cve/CVE-2022-3640/	self
https://www.suse.com/security/cve/CVE-2022-40982/	self
https://www.suse.com/security/cve/CVE-2022-41218/	self
https://www.suse.com/security/cve/CVE-2022-41674/	self
https://www.suse.com/security/cve/CVE-2022-42719/	self
https://www.suse.com/security/cve/CVE-2022-42720/	self
https://www.suse.com/security/cve/CVE-2022-42721/	self
https://www.suse.com/security/cve/CVE-2022-42722/	self
https://www.suse.com/security/cve/CVE-2022-4379/	self
https://www.suse.com/security/cve/CVE-2022-44032/	self
https://www.suse.com/security/cve/CVE-2022-44033/	self
https://www.suse.com/security/cve/CVE-2022-44034/	self
https://www.suse.com/security/cve/CVE-2022-45884/	self
https://www.suse.com/security/cve/CVE-2022-45885/	self
https://www.suse.com/security/cve/CVE-2022-45886/	self
https://www.suse.com/security/cve/CVE-2022-45887/	self
https://www.suse.com/security/cve/CVE-2022-45888/	self
https://www.suse.com/security/cve/CVE-2022-45919/	self
https://www.suse.com/security/cve/CVE-2022-45934/	self
https://www.suse.com/security/cve/CVE-2023-0045/	self
https://www.suse.com/security/cve/CVE-2023-1076/	self
https://www.suse.com/security/cve/CVE-2023-1078/	self
https://www.suse.com/security/cve/CVE-2023-1192/	self
https://www.suse.com/security/cve/CVE-2023-1380/	self
https://www.suse.com/security/cve/CVE-2023-20569/	self
https://www.suse.com/security/cve/CVE-2023-20593/	self
https://www.suse.com/security/cve/CVE-2023-2124/	self
https://www.suse.com/security/cve/CVE-2023-31084/	self
https://www.suse.com/security/cve/CVE-2023-3141/	self
https://www.suse.com/security/cve/CVE-2023-3269/	self
https://www.suse.com/security/cve/CVE-2023-39192/	self
https://www.suse.com/security/cve/CVE-2023-39193/	self
https://www.suse.com/security/cve/CVE-2023-4128/	self
https://www.suse.com/security/cve/CVE-2023-4134/	self
https://www.suse.com/security/cve/CVE-2023-4194/	self
https://www.suse.com/security/cve/CVE-2023-42753/	self
https://www.suse.com/security/cve/CVE-2023-42754/	self
https://www.suse.com/security/cve/CVE-2023-42756/	self
https://www.suse.com/security/cve/CVE-2023-4623/	self
https://www.suse.com/security/cve/CVE-2023-46813/	self
https://www.suse.com/security/cve/CVE-2023-4881/	self
https://www.suse.com/security/cve/CVE-2023-5345/	self
https://www.suse.com/security/cve/CVE-2023-6606/	self
https://www.suse.com/security/cve/CVE-2023-6610/	self
https://www.suse.com/security/cve/CVE-2016-3695	external
https://bugzilla.suse.com/1023051	external
https://www.suse.com/security/cve/CVE-2017-1000251	external
https://bugzilla.suse.com/1057389	external
https://bugzilla.suse.com/1057950	external
https://bugzilla.suse.com/1070535	external
https://bugzilla.suse.com/1072117	external
https://bugzilla.suse.com/1072162	external
https://bugzilla.suse.com/1120758	external
https://www.suse.com/security/cve/CVE-2017-12153	external
https://bugzilla.suse.com/1058410	external
https://bugzilla.suse.com/1058624	external
https://www.suse.com/security/cve/CVE-2017-13080	external
https://bugzilla.suse.com/1056061	external
https://bugzilla.suse.com/1063479	external
https://bugzilla.suse.com/1063667	external
https://bugzilla.suse.com/1063671	external
https://bugzilla.suse.com/1066295	external
https://bugzilla.suse.com/1105108	external
https://bugzilla.suse.com/1178872	external
https://bugzilla.suse.com/1179588	external
https://www.suse.com/security/cve/CVE-2017-14051	external
https://bugzilla.suse.com/1056588	external
https://www.suse.com/security/cve/CVE-2017-15129	external
https://bugzilla.suse.com/1074839	external
https://www.suse.com/security/cve/CVE-2017-15265	external
https://bugzilla.suse.com/1062520	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-16536	external
https://bugzilla.suse.com/1066606	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16537	external
https://bugzilla.suse.com/1066573	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16645	external
https://bugzilla.suse.com/1067132	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16646	external
https://bugzilla.suse.com/1067105	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16647	external
https://bugzilla.suse.com/1067102	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16648	external
https://bugzilla.suse.com/1067087	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1146519	external
https://www.suse.com/security/cve/CVE-2017-16995	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-16996	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17448	external
https://bugzilla.suse.com/1071693	external
https://www.suse.com/security/cve/CVE-2017-17449	external
https://bugzilla.suse.com/1071694	external
https://www.suse.com/security/cve/CVE-2017-17450	external
https://bugzilla.suse.com/1071695	external
https://bugzilla.suse.com/1074033	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-17852	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17853	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17854	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17855	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17856	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17857	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-17862	external
https://bugzilla.suse.com/1073928	external
https://www.suse.com/security/cve/CVE-2017-5123	external
https://bugzilla.suse.com/1062473	external
https://bugzilla.suse.com/1122971	external
https://www.suse.com/security/cve/CVE-2017-5715	external
https://bugzilla.suse.com/1068032	external
https://bugzilla.suse.com/1074562	external
https://bugzilla.suse.com/1074578	external
https://bugzilla.suse.com/1074701	external
https://bugzilla.suse.com/1074741	external
https://bugzilla.suse.com/1074919	external
https://bugzilla.suse.com/1075006	external
https://bugzilla.suse.com/1075007	external
https://bugzilla.suse.com/1075262	external
https://bugzilla.suse.com/1075419	external
https://bugzilla.suse.com/1076115	external
https://bugzilla.suse.com/1076372	external
https://bugzilla.suse.com/1076606	external
https://bugzilla.suse.com/1078353	external
https://bugzilla.suse.com/1080039	external
https://bugzilla.suse.com/1087887	external
https://bugzilla.suse.com/1087939	external
https://bugzilla.suse.com/1088147	external
https://bugzilla.suse.com/1089055	external
https://bugzilla.suse.com/1091815	external
https://bugzilla.suse.com/1095735	external
https://bugzilla.suse.com/1102517	external
https://bugzilla.suse.com/1105108	external
https://bugzilla.suse.com/1126516	external
https://bugzilla.suse.com/1173489	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201457	external
https://bugzilla.suse.com/1201877	external
https://bugzilla.suse.com/1203236	external
https://www.suse.com/security/cve/CVE-2017-5753	external
https://bugzilla.suse.com/1068032	external
https://bugzilla.suse.com/1074562	external
https://bugzilla.suse.com/1074578	external
https://bugzilla.suse.com/1074701	external
https://bugzilla.suse.com/1075006	external
https://bugzilla.suse.com/1075419	external
https://bugzilla.suse.com/1075748	external
https://bugzilla.suse.com/1080039	external
https://bugzilla.suse.com/1087084	external
https://bugzilla.suse.com/1087939	external
https://bugzilla.suse.com/1089055	external
https://bugzilla.suse.com/1136865	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://bugzilla.suse.com/1209547	external
https://www.suse.com/security/cve/CVE-2017-5754	external
https://bugzilla.suse.com/1068032	external
https://bugzilla.suse.com/1074562	external
https://bugzilla.suse.com/1074578	external
https://bugzilla.suse.com/1074701	external
https://bugzilla.suse.com/1075006	external
https://bugzilla.suse.com/1075008	external
https://bugzilla.suse.com/1087939	external
https://bugzilla.suse.com/1089055	external
https://bugzilla.suse.com/1115045	external
https://bugzilla.suse.com/1136865	external
https://bugzilla.suse.com/1178658	external
https://bugzilla.suse.com/1201877	external
https://www.suse.com/security/cve/CVE-2017-7541	external
https://bugzilla.suse.com/1049645	external
https://www.suse.com/security/cve/CVE-2017-7542	external
https://bugzilla.suse.com/1049882	external
https://bugzilla.suse.com/1061936	external
https://www.suse.com/security/cve/CVE-2017-8824	external
https://bugzilla.suse.com/1070771	external
https://bugzilla.suse.com/1076734	external
https://bugzilla.suse.com/1092904	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-8831	external
https://bugzilla.suse.com/1037994	external
https://bugzilla.suse.com/1061936	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2018-1000004	external
https://bugzilla.suse.com/1076017	external
https://bugzilla.suse.com/1091815	external
https://www.suse.com/security/cve/CVE-2018-10322	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1090749	external
https://www.suse.com/security/cve/CVE-2018-10323	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1090717	external
https://www.suse.com/security/cve/CVE-2018-1068	external
https://bugzilla.suse.com/1085107	external
https://bugzilla.suse.com/1085114	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1123903	external
https://www.suse.com/security/cve/CVE-2018-1118	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1092472	external
https://www.suse.com/security/cve/CVE-2018-12232	external
https://bugzilla.suse.com/1087082	external
https://bugzilla.suse.com/1097593	external
https://bugzilla.suse.com/1125907	external
https://bugzilla.suse.com/1127757	external
https://www.suse.com/security/cve/CVE-2018-12714	external
https://bugzilla.suse.com/1098933	external
https://www.suse.com/security/cve/CVE-2018-13053	external
https://bugzilla.suse.com/1099924	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2018-18710	external
https://bugzilla.suse.com/1113751	external
https://www.suse.com/security/cve/CVE-2018-19824	external
https://bugzilla.suse.com/1118152	external
https://www.suse.com/security/cve/CVE-2018-5332	external
https://bugzilla.suse.com/1075621	external
https://bugzilla.suse.com/1091815	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2018-5333	external
https://bugzilla.suse.com/1075617	external
https://bugzilla.suse.com/1091815	external
https://www.suse.com/security/cve/CVE-2018-8043	external
https://bugzilla.suse.com/1084829	external
https://www.suse.com/security/cve/CVE-2018-8087	external
https://bugzilla.suse.com/1085053	external
https://www.suse.com/security/cve/CVE-2018-8822	external
https://bugzilla.suse.com/1086162	external
https://bugzilla.suse.com/1090404	external
https://bugzilla.suse.com/1091815	external
https://www.suse.com/security/cve/CVE-2019-10207	external
https://bugzilla.suse.com/1123959	external
https://bugzilla.suse.com/1142857	external
https://www.suse.com/security/cve/CVE-2019-11477	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1137586	external
https://bugzilla.suse.com/1142129	external
https://bugzilla.suse.com/1153242	external
https://www.suse.com/security/cve/CVE-2019-11478	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1137586	external
https://bugzilla.suse.com/1142129	external
https://bugzilla.suse.com/1143542	external
https://www.suse.com/security/cve/CVE-2019-11479	external
https://bugzilla.suse.com/1132686	external
https://bugzilla.suse.com/1137586	external
https://bugzilla.suse.com/1142129	external
https://bugzilla.suse.com/1143542	external
https://www.suse.com/security/cve/CVE-2019-14615	external
https://bugzilla.suse.com/1160195	external
https://bugzilla.suse.com/1165881	external
https://www.suse.com/security/cve/CVE-2019-14814	external
https://bugzilla.suse.com/1146512	external
https://bugzilla.suse.com/1173664	external
https://bugzilla.suse.com/1173665	external
https://www.suse.com/security/cve/CVE-2019-14896	external
https://bugzilla.suse.com/1157157	external
https://bugzilla.suse.com/1160468	external
https://www.suse.com/security/cve/CVE-2019-15030	external
https://bugzilla.suse.com/1149713	external
https://www.suse.com/security/cve/CVE-2019-15031	external
https://bugzilla.suse.com/1149713	external
https://www.suse.com/security/cve/CVE-2019-15098	external
https://bugzilla.suse.com/1146378	external
https://bugzilla.suse.com/1146543	external
https://www.suse.com/security/cve/CVE-2019-15099	external
https://bugzilla.suse.com/1146368	external
https://www.suse.com/security/cve/CVE-2019-15290	external
https://bugzilla.suse.com/1146378	external
https://bugzilla.suse.com/1146519	external
https://bugzilla.suse.com/1146543	external
https://bugzilla.suse.com/1158381	external
https://bugzilla.suse.com/1158834	external
https://www.suse.com/security/cve/CVE-2019-15504	external
https://bugzilla.suse.com/1147116	external
https://bugzilla.suse.com/1185852	external
https://www.suse.com/security/cve/CVE-2019-15902	external
https://bugzilla.suse.com/1149376	external
https://bugzilla.suse.com/1155131	external
https://www.suse.com/security/cve/CVE-2019-16231	external
https://bugzilla.suse.com/1150466	external
https://www.suse.com/security/cve/CVE-2019-16232	external
https://bugzilla.suse.com/1150465	external
https://www.suse.com/security/cve/CVE-2019-16234	external
https://bugzilla.suse.com/1150452	external
https://www.suse.com/security/cve/CVE-2019-17133	external
https://bugzilla.suse.com/1153158	external
https://bugzilla.suse.com/1153161	external
https://www.suse.com/security/cve/CVE-2019-17666	external
https://bugzilla.suse.com/1154372	external
https://www.suse.com/security/cve/CVE-2019-18808	external
https://bugzilla.suse.com/1156259	external
https://bugzilla.suse.com/1189884	external
https://bugzilla.suse.com/1190534	external
https://www.suse.com/security/cve/CVE-2019-18812	external
https://bugzilla.suse.com/1156277	external
https://www.suse.com/security/cve/CVE-2019-18813	external
https://bugzilla.suse.com/1156278	external
https://www.suse.com/security/cve/CVE-2019-19252	external
https://bugzilla.suse.com/1157813	external
https://www.suse.com/security/cve/CVE-2019-19332	external
https://bugzilla.suse.com/1158827	external
https://www.suse.com/security/cve/CVE-2019-19338	external
https://bugzilla.suse.com/1158954	external
https://www.suse.com/security/cve/CVE-2019-3016	external
https://bugzilla.suse.com/1159281	external
https://bugzilla.suse.com/1161154	external
https://www.suse.com/security/cve/CVE-2019-3846	external
https://bugzilla.suse.com/1136424	external
https://bugzilla.suse.com/1136446	external
https://bugzilla.suse.com/1156330	external
https://www.suse.com/security/cve/CVE-2019-3882	external
https://bugzilla.suse.com/1131416	external
https://bugzilla.suse.com/1131427	external
https://bugzilla.suse.com/1133319	external
https://www.suse.com/security/cve/CVE-2019-3887	external
https://bugzilla.suse.com/1131800	external
https://www.suse.com/security/cve/CVE-2019-6974	external
https://bugzilla.suse.com/1124728	external
https://bugzilla.suse.com/1124729	external
https://www.suse.com/security/cve/CVE-2019-7221	external
https://bugzilla.suse.com/1124732	external
https://bugzilla.suse.com/1124734	external
https://www.suse.com/security/cve/CVE-2019-7222	external
https://bugzilla.suse.com/1124735	external
https://www.suse.com/security/cve/CVE-2019-8564	external
https://bugzilla.suse.com/1132673	external
https://bugzilla.suse.com/1132828	external
https://www.suse.com/security/cve/CVE-2019-8912	external
https://bugzilla.suse.com/1125907	external
https://bugzilla.suse.com/1126284	external
https://www.suse.com/security/cve/CVE-2019-9500	external
https://bugzilla.suse.com/1132681	external
https://www.suse.com/security/cve/CVE-2020-10135	external
https://bugzilla.suse.com/1171988	external
https://www.suse.com/security/cve/CVE-2020-10766	external
https://bugzilla.suse.com/1159281	external
https://bugzilla.suse.com/1172781	external
https://www.suse.com/security/cve/CVE-2020-10767	external
https://bugzilla.suse.com/1159281	external
https://bugzilla.suse.com/1172782	external
https://www.suse.com/security/cve/CVE-2020-10768	external
https://bugzilla.suse.com/1159281	external
https://bugzilla.suse.com/1172783	external
https://www.suse.com/security/cve/CVE-2020-12351	external
https://bugzilla.suse.com/1177724	external
https://bugzilla.suse.com/1177729	external
https://bugzilla.suse.com/1178397	external
https://www.suse.com/security/cve/CVE-2020-12352	external
https://bugzilla.suse.com/1177725	external
https://bugzilla.suse.com/1178398	external
https://www.suse.com/security/cve/CVE-2020-14331	external
https://bugzilla.suse.com/1174205	external
https://bugzilla.suse.com/1174247	external
https://www.suse.com/security/cve/CVE-2020-14386	external
https://bugzilla.suse.com/1176069	external
https://bugzilla.suse.com/1176072	external
https://www.suse.com/security/cve/CVE-2020-24586	external
https://bugzilla.suse.com/1185859	external
https://bugzilla.suse.com/1192868	external
https://www.suse.com/security/cve/CVE-2020-24587	external
https://bugzilla.suse.com/1185859	external
https://bugzilla.suse.com/1185862	external
https://bugzilla.suse.com/1192868	external
https://www.suse.com/security/cve/CVE-2020-24588	external
https://bugzilla.suse.com/1185861	external
https://bugzilla.suse.com/1192868	external
https://bugzilla.suse.com/1199701	external
https://www.suse.com/security/cve/CVE-2020-25639	external
https://bugzilla.suse.com/1176846	external
https://www.suse.com/security/cve/CVE-2020-25656	external
https://bugzilla.suse.com/1177766	external
https://www.suse.com/security/cve/CVE-2020-25668	external
https://bugzilla.suse.com/1178123	external
https://bugzilla.suse.com/1178622	external
https://bugzilla.suse.com/1196914	external
https://www.suse.com/security/cve/CVE-2020-26141	external
https://bugzilla.suse.com/1185987	external
https://www.suse.com/security/cve/CVE-2020-2732	external
https://bugzilla.suse.com/1163971	external
https://www.suse.com/security/cve/CVE-2020-29660	external
https://bugzilla.suse.com/1179745	external
https://bugzilla.suse.com/1179877	external
https://www.suse.com/security/cve/CVE-2020-29661	external
https://bugzilla.suse.com/1179745	external
https://bugzilla.suse.com/1179877	external
https://bugzilla.suse.com/1214268	external
https://bugzilla.suse.com/1218966	external
https://www.suse.com/security/cve/CVE-2020-8648	external
https://bugzilla.suse.com/1162928	external
https://www.suse.com/security/cve/CVE-2020-8694	external
https://bugzilla.suse.com/1170415	external
https://bugzilla.suse.com/1170446	external
https://bugzilla.suse.com/1178591	external
https://bugzilla.suse.com/1178700	external
https://bugzilla.suse.com/1179661	external
https://www.suse.com/security/cve/CVE-2021-23133	external
https://bugzilla.suse.com/1184675	external
https://bugzilla.suse.com/1185901	external
https://www.suse.com/security/cve/CVE-2021-26708	external
https://bugzilla.suse.com/1181806	external
https://bugzilla.suse.com/1183298	external
https://www.suse.com/security/cve/CVE-2021-28971	external
https://bugzilla.suse.com/1184196	external
https://www.suse.com/security/cve/CVE-2021-32606	external
https://bugzilla.suse.com/1185953	external
https://www.suse.com/security/cve/CVE-2021-33909	external
https://bugzilla.suse.com/1188062	external
https://bugzilla.suse.com/1188063	external
https://bugzilla.suse.com/1188257	external
https://bugzilla.suse.com/1189302	external
https://bugzilla.suse.com/1190859	external
https://www.suse.com/security/cve/CVE-2021-3483	external
https://bugzilla.suse.com/1184393	external
https://www.suse.com/security/cve/CVE-2021-3489	external
https://bugzilla.suse.com/1185640	external
https://bugzilla.suse.com/1185856	external
https://www.suse.com/security/cve/CVE-2021-3490	external
https://bugzilla.suse.com/1185641	external
https://bugzilla.suse.com/1185796	external
https://www.suse.com/security/cve/CVE-2021-3491	external
https://bugzilla.suse.com/1185642	external
https://bugzilla.suse.com/1187090	external
https://www.suse.com/security/cve/CVE-2021-3542	external
https://bugzilla.suse.com/1184673	external
https://bugzilla.suse.com/1186063	external
https://www.suse.com/security/cve/CVE-2021-3640	external
https://bugzilla.suse.com/1188172	external
https://bugzilla.suse.com/1188613	external
https://bugzilla.suse.com/1191530	external
https://bugzilla.suse.com/1196810	external
https://bugzilla.suse.com/1196914	external
https://www.suse.com/security/cve/CVE-2021-3653	external
https://bugzilla.suse.com/1189399	external
https://bugzilla.suse.com/1189420	external
https://bugzilla.suse.com/1196914	external
https://www.suse.com/security/cve/CVE-2021-3656	external
https://bugzilla.suse.com/1189400	external
https://bugzilla.suse.com/1189418	external
https://www.suse.com/security/cve/CVE-2021-3744	external
https://bugzilla.suse.com/1189884	external
https://bugzilla.suse.com/1190534	external
https://www.suse.com/security/cve/CVE-2021-3753	external
https://bugzilla.suse.com/1190025	external
https://www.suse.com/security/cve/CVE-2021-37576	external
https://bugzilla.suse.com/1188838	external
https://bugzilla.suse.com/1188842	external
https://bugzilla.suse.com/1190276	external
https://www.suse.com/security/cve/CVE-2021-3759	external
https://bugzilla.suse.com/1190115	external
https://www.suse.com/security/cve/CVE-2021-38166	external
https://bugzilla.suse.com/1189233	external
https://www.suse.com/security/cve/CVE-2021-43976	external
https://bugzilla.suse.com/1192847	external
https://www.suse.com/security/cve/CVE-2022-0185	external
https://bugzilla.suse.com/1194517	external
https://bugzilla.suse.com/1194737	external
https://www.suse.com/security/cve/CVE-2022-0330	external
https://bugzilla.suse.com/1194880	external
https://bugzilla.suse.com/1195950	external
https://www.suse.com/security/cve/CVE-2022-0847	external
https://bugzilla.suse.com/1196584	external
https://bugzilla.suse.com/1196601	external
https://www.suse.com/security/cve/CVE-2022-0886	external
https://bugzilla.suse.com/1197131	external
https://bugzilla.suse.com/1197133	external
https://bugzilla.suse.com/1197462	external
https://www.suse.com/security/cve/CVE-2022-1462	external
https://bugzilla.suse.com/1198829	external
https://www.suse.com/security/cve/CVE-2022-1516	external
https://bugzilla.suse.com/1199012	external
https://www.suse.com/security/cve/CVE-2022-1679	external
https://bugzilla.suse.com/1199487	external
https://bugzilla.suse.com/1201080	external
https://bugzilla.suse.com/1201832	external
https://bugzilla.suse.com/1204132	external
https://bugzilla.suse.com/1212316	external
https://www.suse.com/security/cve/CVE-2022-1729	external
https://bugzilla.suse.com/1199507	external
https://bugzilla.suse.com/1199697	external
https://bugzilla.suse.com/1201832	external
https://www.suse.com/security/cve/CVE-2022-1852	external
https://bugzilla.suse.com/1199875	external
https://www.suse.com/security/cve/CVE-2022-1966	external
https://bugzilla.suse.com/1200015	external
https://bugzilla.suse.com/1200268	external
https://bugzilla.suse.com/1200494	external
https://bugzilla.suse.com/1200529	external
https://www.suse.com/security/cve/CVE-2022-1972	external
https://bugzilla.suse.com/1200019	external
https://bugzilla.suse.com/1200266	external
https://www.suse.com/security/cve/CVE-2022-1973	external
https://bugzilla.suse.com/1200023	external
https://www.suse.com/security/cve/CVE-2022-22942	external
https://bugzilla.suse.com/1195065	external
https://bugzilla.suse.com/1195951	external
https://www.suse.com/security/cve/CVE-2022-2308	external
https://bugzilla.suse.com/1202573	external
https://www.suse.com/security/cve/CVE-2022-24958	external
https://bugzilla.suse.com/1195905	external
https://www.suse.com/security/cve/CVE-2022-2588	external
https://bugzilla.suse.com/1202096	external
https://bugzilla.suse.com/1203613	external
https://bugzilla.suse.com/1204183	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-2590	external
https://bugzilla.suse.com/1202013	external
https://bugzilla.suse.com/1202089	external
https://www.suse.com/security/cve/CVE-2022-26490	external
https://bugzilla.suse.com/1196830	external
https://bugzilla.suse.com/1201656	external
https://bugzilla.suse.com/1201969	external
https://bugzilla.suse.com/1211495	external
https://www.suse.com/security/cve/CVE-2022-28388	external
https://bugzilla.suse.com/1198032	external
https://www.suse.com/security/cve/CVE-2022-28389	external
https://bugzilla.suse.com/1198033	external
https://bugzilla.suse.com/1201657	external
https://www.suse.com/security/cve/CVE-2022-28390	external
https://bugzilla.suse.com/1198031	external
https://bugzilla.suse.com/1201517	external
https://bugzilla.suse.com/1207969	external
https://www.suse.com/security/cve/CVE-2022-28893	external
https://bugzilla.suse.com/1198330	external
https://www.suse.com/security/cve/CVE-2022-29900	external
https://bugzilla.suse.com/1199657	external
https://bugzilla.suse.com/1201469	external
https://bugzilla.suse.com/1207894	external
https://www.suse.com/security/cve/CVE-2022-29901	external
https://bugzilla.suse.com/1199657	external
https://bugzilla.suse.com/1201469	external
https://bugzilla.suse.com/1207894	external
https://www.suse.com/security/cve/CVE-2022-29968	external
https://bugzilla.suse.com/1199087	external
https://www.suse.com/security/cve/CVE-2022-3424	external
https://bugzilla.suse.com/1204166	external
https://bugzilla.suse.com/1204167	external
https://bugzilla.suse.com/1208044	external
https://bugzilla.suse.com/1212309	external
https://www.suse.com/security/cve/CVE-2022-34918	external
https://bugzilla.suse.com/1201171	external
https://bugzilla.suse.com/1201177	external
https://bugzilla.suse.com/1201222	external
https://www.suse.com/security/cve/CVE-2022-3628	external
https://bugzilla.suse.com/1204868	external
https://www.suse.com/security/cve/CVE-2022-3640	external
https://bugzilla.suse.com/1204619	external
https://bugzilla.suse.com/1204624	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-40982	external
https://bugzilla.suse.com/1206418	external
https://bugzilla.suse.com/1215674	external
https://www.suse.com/security/cve/CVE-2022-41218	external
https://bugzilla.suse.com/1202960	external
https://bugzilla.suse.com/1203606	external
https://bugzilla.suse.com/1205313	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-41674	external
https://bugzilla.suse.com/1203770	external
https://bugzilla.suse.com/1203994	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42719	external
https://bugzilla.suse.com/1204051	external
https://bugzilla.suse.com/1204292	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42720	external
https://bugzilla.suse.com/1204059	external
https://bugzilla.suse.com/1204291	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42721	external
https://bugzilla.suse.com/1204060	external
https://bugzilla.suse.com/1204290	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42722	external
https://bugzilla.suse.com/1204125	external
https://bugzilla.suse.com/1204289	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-4379	external
https://bugzilla.suse.com/1206209	external
https://bugzilla.suse.com/1206373	external
https://www.suse.com/security/cve/CVE-2022-44032	external
https://bugzilla.suse.com/1204894	external
https://bugzilla.suse.com/1212290	external
https://www.suse.com/security/cve/CVE-2022-44033	external
https://bugzilla.suse.com/1204922	external
https://bugzilla.suse.com/1212306	external
https://www.suse.com/security/cve/CVE-2022-44034	external
https://bugzilla.suse.com/1204901	external
https://www.suse.com/security/cve/CVE-2022-45884	external
https://bugzilla.suse.com/1205756	external
https://www.suse.com/security/cve/CVE-2022-45885	external
https://bugzilla.suse.com/1205758	external
https://www.suse.com/security/cve/CVE-2022-45886	external
https://bugzilla.suse.com/1205760	external
https://www.suse.com/security/cve/CVE-2022-45887	external
https://bugzilla.suse.com/1205762	external
https://bugzilla.suse.com/1220015	external
https://www.suse.com/security/cve/CVE-2022-45888	external
https://bugzilla.suse.com/1205764	external
https://www.suse.com/security/cve/CVE-2022-45919	external
https://bugzilla.suse.com/1205803	external
https://bugzilla.suse.com/1208600	external
https://bugzilla.suse.com/1208912	external
https://bugzilla.suse.com/1214128	external
https://bugzilla.suse.com/1215674	external
https://www.suse.com/security/cve/CVE-2022-45934	external
https://bugzilla.suse.com/1205796	external
https://bugzilla.suse.com/1212292	external
https://www.suse.com/security/cve/CVE-2023-0045	external
https://bugzilla.suse.com/1207773	external
https://www.suse.com/security/cve/CVE-2023-1076	external
https://bugzilla.suse.com/1208599	external
https://bugzilla.suse.com/1214019	external
https://www.suse.com/security/cve/CVE-2023-1078	external
https://bugzilla.suse.com/1208601	external
https://bugzilla.suse.com/1208603	external
https://www.suse.com/security/cve/CVE-2023-1192	external
https://bugzilla.suse.com/1208995	external
https://www.suse.com/security/cve/CVE-2023-1380	external
https://bugzilla.suse.com/1209287	external
https://www.suse.com/security/cve/CVE-2023-20569	external
https://bugzilla.suse.com/1213287	external
https://www.suse.com/security/cve/CVE-2023-20593	external
https://bugzilla.suse.com/1213286	external
https://bugzilla.suse.com/1213616	external
https://bugzilla.suse.com/1215674	external
https://www.suse.com/security/cve/CVE-2023-2124	external
https://bugzilla.suse.com/1210498	external
https://www.suse.com/security/cve/CVE-2023-31084	external
https://bugzilla.suse.com/1210783	external
https://www.suse.com/security/cve/CVE-2023-3141	external
https://bugzilla.suse.com/1212129	external
https://bugzilla.suse.com/1215674	external
https://www.suse.com/security/cve/CVE-2023-3269	external
https://bugzilla.suse.com/1212395	external
https://bugzilla.suse.com/1213760	external
https://www.suse.com/security/cve/CVE-2023-39192	external
https://bugzilla.suse.com/1215858	external
https://bugzilla.suse.com/1220015	external
https://www.suse.com/security/cve/CVE-2023-39193	external
https://bugzilla.suse.com/1215860	external
https://bugzilla.suse.com/1220015	external
https://www.suse.com/security/cve/CVE-2023-4128	external
https://bugzilla.suse.com/1214149	external
https://www.suse.com/security/cve/CVE-2023-4134	external
https://bugzilla.suse.com/1213971	external
https://www.suse.com/security/cve/CVE-2023-4194	external
https://bugzilla.suse.com/1214019	external
https://www.suse.com/security/cve/CVE-2023-42753	external
https://bugzilla.suse.com/1215150	external
https://bugzilla.suse.com/1218613	external
https://www.suse.com/security/cve/CVE-2023-42754	external
https://bugzilla.suse.com/1215467	external
https://bugzilla.suse.com/1222212	external
https://www.suse.com/security/cve/CVE-2023-42756	external
https://bugzilla.suse.com/1215767	external
https://www.suse.com/security/cve/CVE-2023-4623	external
https://bugzilla.suse.com/1215115	external
https://bugzilla.suse.com/1215440	external
https://bugzilla.suse.com/1217444	external
https://bugzilla.suse.com/1217531	external
https://bugzilla.suse.com/1219698	external
https://bugzilla.suse.com/1221578	external
https://bugzilla.suse.com/1221598	external
https://www.suse.com/security/cve/CVE-2023-46813	external
https://bugzilla.suse.com/1212649	external
https://bugzilla.suse.com/1216896	external
https://www.suse.com/security/cve/CVE-2023-4881	external
https://bugzilla.suse.com/1215221	external
https://www.suse.com/security/cve/CVE-2023-5345	external
https://bugzilla.suse.com/1215899	external
https://bugzilla.suse.com/1215971	external
https://www.suse.com/security/cve/CVE-2023-6606	external
https://bugzilla.suse.com/1217947	external
https://bugzilla.suse.com/1220015	external
https://www.suse.com/security/cve/CVE-2023-6610	external
https://bugzilla.suse.com/1217946	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "kernel-devel-longterm-6.6.17-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the kernel-devel-longterm-6.6.17-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13704",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13704-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3695 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000251 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-12153 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-12153/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-13080 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-13080/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14051 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14051/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15129 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15129/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15265 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15265/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16536 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16536/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16537 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16537/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16646 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16646/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16647 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16647/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16648 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16995 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16995/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16996 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16996/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17448 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17448/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17449 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17449/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17450 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17450/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17852 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17853 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17853/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17854 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17854/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17855 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17855/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17856 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17856/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17857 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17857/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17862 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17862/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5123 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5123/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5715 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5753 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5753/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5754 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7541 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7541/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7542 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7542/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8824 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8824/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8831 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8831/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000004 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000004/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10322 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10322/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10323 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10323/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1068 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1068/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1118 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1118/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12232 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12232/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-12714 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-12714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13053 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18710 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19824 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19824/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5332 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5333 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5333/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8043 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8043/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8087 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8087/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-8822 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-8822/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10207 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10207/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11477 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11477/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11478 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11478/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-11479 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-11479/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14615 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14615/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14814 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14814/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14896 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14896/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15030 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15031 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15031/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15098 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15098/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15099 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15099/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15290 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15290/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15504 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15504/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15902 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15902/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16231 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16231/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16232 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16232/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16234 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16234/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17133 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-17666 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-17666/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18808 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18808/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18812 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18812/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18813 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19252 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19252/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19332 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-19338 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-19338/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3016 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3016/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3846 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3882 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3882/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-3887 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-3887/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-6974 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-6974/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7221 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7221/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7222 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7222/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-8564 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-8564/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-8912 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-8912/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-9500 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-9500/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10135 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10135/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10766 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10766/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10767 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10767/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-10768 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-10768/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12351 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12351/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12352 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12352/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14331 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14331/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14386 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14386/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24586 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24586/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24587 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24587/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24588 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24588/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25639 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25639/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25656 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25656/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-25668 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-25668/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-26141 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-26141/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-2732 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-2732/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29660 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29660/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-29661 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-29661/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8648 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8648/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8694 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23133 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-26708 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-26708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-28971 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-28971/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-32606 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-32606/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-33909 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-33909/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3483 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3483/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3489 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3489/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3490 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3490/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3491 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3491/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3542 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3542/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3640 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3640/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3653 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3653/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3656 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3656/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3744 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3744/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3753 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3753/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-37576 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-37576/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3759 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3759/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-38166 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-38166/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-43976 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-43976/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0185 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0185/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0330 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0330/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0847 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0847/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-0886 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-0886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1462 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1462/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1516 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1516/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1679 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1679/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1729 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1729/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1852 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1852/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1966 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1966/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1972 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1972/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-1973 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-1973/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-22942 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-22942/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2308 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2308/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-24958 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-24958/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2588 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2588/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-2590 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-2590/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-26490 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-26490/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28388 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28388/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28389 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28389/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28390 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28390/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-28893 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-28893/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-29900 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-29900/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-29901 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-29901/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-29968 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-29968/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-3424 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-3424/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-34918 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-34918/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-3628 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-3628/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-3640 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-3640/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-40982 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-40982/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41218 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41218/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41674 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41674/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42719 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42720 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42721 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42721/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42722 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42722/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-4379 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-4379/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44032 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44032/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44033 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44033/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-44034 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-44034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45884 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45884/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45885 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45885/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45886 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45886/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45887 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45887/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45888 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45888/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45919 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45919/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-45934 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-45934/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-0045 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-0045/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1076 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1076/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1078 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1078/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1192 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1192/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1380 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1380/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20569 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20569/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20593 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20593/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-2124 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-2124/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-31084 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-31084/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-3141 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-3141/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-3269 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-3269/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-39192 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-39192/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-39193 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-39193/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-4128 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-4128/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-4134 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-4134/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-4194 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-4194/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42753 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42753/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42754 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42754/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42756 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42756/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-4623 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-4623/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46813 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46813/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-4881 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-4881/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-5345 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-5345/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-6606 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-6606/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-6610 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-6610/"
      }
    ],
    "title": "kernel-devel-longterm-6.6.17-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13704-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-longterm-6.6.17-1.1.aarch64",
                "product": {
                  "name": "kernel-devel-longterm-6.6.17-1.1.aarch64",
                  "product_id": "kernel-devel-longterm-6.6.17-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-longterm-6.6.17-1.1.aarch64",
                "product": {
                  "name": "kernel-source-longterm-6.6.17-1.1.aarch64",
                  "product_id": "kernel-source-longterm-6.6.17-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
                "product": {
                  "name": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
                  "product_id": "kernel-devel-longterm-6.6.17-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-longterm-6.6.17-1.1.ppc64le",
                "product": {
                  "name": "kernel-source-longterm-6.6.17-1.1.ppc64le",
                  "product_id": "kernel-source-longterm-6.6.17-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-longterm-6.6.17-1.1.s390x",
                "product": {
                  "name": "kernel-devel-longterm-6.6.17-1.1.s390x",
                  "product_id": "kernel-devel-longterm-6.6.17-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-longterm-6.6.17-1.1.s390x",
                "product": {
                  "name": "kernel-source-longterm-6.6.17-1.1.s390x",
                  "product_id": "kernel-source-longterm-6.6.17-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-longterm-6.6.17-1.1.x86_64",
                "product": {
                  "name": "kernel-devel-longterm-6.6.17-1.1.x86_64",
                  "product_id": "kernel-devel-longterm-6.6.17-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-longterm-6.6.17-1.1.x86_64",
                "product": {
                  "name": "kernel-source-longterm-6.6.17-1.1.x86_64",
                  "product_id": "kernel-source-longterm-6.6.17-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-longterm-6.6.17-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64"
        },
        "product_reference": "kernel-devel-longterm-6.6.17-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-longterm-6.6.17-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le"
        },
        "product_reference": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-longterm-6.6.17-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x"
        },
        "product_reference": "kernel-devel-longterm-6.6.17-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-longterm-6.6.17-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64"
        },
        "product_reference": "kernel-devel-longterm-6.6.17-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-longterm-6.6.17-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64"
        },
        "product_reference": "kernel-source-longterm-6.6.17-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-longterm-6.6.17-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le"
        },
        "product_reference": "kernel-source-longterm-6.6.17-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-longterm-6.6.17-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x"
        },
        "product_reference": "kernel-source-longterm-6.6.17-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-longterm-6.6.17-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        },
        "product_reference": "kernel-source-longterm-6.6.17-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-3695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3695",
          "url": "https://www.suse.com/security/cve/CVE-2016-3695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1023051 for CVE-2016-3695",
          "url": "https://bugzilla.suse.com/1023051"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2016-3695"
    },
    {
      "cve": "CVE-2017-1000251",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000251"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000251",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000251"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057389 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1057950 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1057950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070535 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1070535"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072117 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072117"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072162 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1072162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120758 for CVE-2017-1000251",
          "url": "https://bugzilla.suse.com/1120758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-1000251"
    },
    {
      "cve": "CVE-2017-12153",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-12153"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-12153",
          "url": "https://www.suse.com/security/cve/CVE-2017-12153"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1058410 for CVE-2017-12153",
          "url": "https://bugzilla.suse.com/1058410"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1058624 for CVE-2017-12153",
          "url": "https://bugzilla.suse.com/1058624"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-12153"
    },
    {
      "cve": "CVE-2017-13080",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-13080"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-13080",
          "url": "https://www.suse.com/security/cve/CVE-2017-13080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056061 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1056061"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1063479 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1063479"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1063667 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1063667"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1063671 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1063671"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066295 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1066295"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105108 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1105108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178872 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1178872"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179588 for CVE-2017-13080",
          "url": "https://bugzilla.suse.com/1179588"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-13080"
    },
    {
      "cve": "CVE-2017-14051",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14051"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14051",
          "url": "https://www.suse.com/security/cve/CVE-2017-14051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1056588 for CVE-2017-14051",
          "url": "https://bugzilla.suse.com/1056588"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14051"
    },
    {
      "cve": "CVE-2017-15129",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15129"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15129",
          "url": "https://www.suse.com/security/cve/CVE-2017-15129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074839 for CVE-2017-15129",
          "url": "https://bugzilla.suse.com/1074839"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15129"
    },
    {
      "cve": "CVE-2017-15265",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15265"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15265",
          "url": "https://www.suse.com/security/cve/CVE-2017-15265"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062520 for CVE-2017-15265",
          "url": "https://bugzilla.suse.com/1062520"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-15265",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15265"
    },
    {
      "cve": "CVE-2017-16536",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16536"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16536",
          "url": "https://www.suse.com/security/cve/CVE-2017-16536"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066606 for CVE-2017-16536",
          "url": "https://bugzilla.suse.com/1066606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-16536",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16536",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16536"
    },
    {
      "cve": "CVE-2017-16537",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16537"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16537",
          "url": "https://www.suse.com/security/cve/CVE-2017-16537"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066573 for CVE-2017-16537",
          "url": "https://bugzilla.suse.com/1066573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-16537",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16537",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16537"
    },
    {
      "cve": "CVE-2017-16645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16645",
          "url": "https://www.suse.com/security/cve/CVE-2017-16645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067132 for CVE-2017-16645",
          "url": "https://bugzilla.suse.com/1067132"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-16645",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16645",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16645"
    },
    {
      "cve": "CVE-2017-16646",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16646"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16646",
          "url": "https://www.suse.com/security/cve/CVE-2017-16646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067105 for CVE-2017-16646",
          "url": "https://bugzilla.suse.com/1067105"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16646",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16646"
    },
    {
      "cve": "CVE-2017-16647",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16647"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16647",
          "url": "https://www.suse.com/security/cve/CVE-2017-16647"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067102 for CVE-2017-16647",
          "url": "https://bugzilla.suse.com/1067102"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16647",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16647"
    },
    {
      "cve": "CVE-2017-16648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16648",
          "url": "https://www.suse.com/security/cve/CVE-2017-16648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067087 for CVE-2017-16648",
          "url": "https://bugzilla.suse.com/1067087"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-16648",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2017-16648",
          "url": "https://bugzilla.suse.com/1146519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16648"
    },
    {
      "cve": "CVE-2017-16995",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16995"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16995",
          "url": "https://www.suse.com/security/cve/CVE-2017-16995"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-16995",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16995"
    },
    {
      "cve": "CVE-2017-16996",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16996"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16996",
          "url": "https://www.suse.com/security/cve/CVE-2017-16996"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-16996",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-16996"
    },
    {
      "cve": "CVE-2017-17448",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17448"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17448",
          "url": "https://www.suse.com/security/cve/CVE-2017-17448"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071693 for CVE-2017-17448",
          "url": "https://bugzilla.suse.com/1071693"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17448"
    },
    {
      "cve": "CVE-2017-17449",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17449"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17449",
          "url": "https://www.suse.com/security/cve/CVE-2017-17449"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071694 for CVE-2017-17449",
          "url": "https://bugzilla.suse.com/1071694"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17449"
    },
    {
      "cve": "CVE-2017-17450",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17450"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17450",
          "url": "https://www.suse.com/security/cve/CVE-2017-17450"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071695 for CVE-2017-17450",
          "url": "https://bugzilla.suse.com/1071695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074033 for CVE-2017-17450",
          "url": "https://bugzilla.suse.com/1074033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-17450",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17450"
    },
    {
      "cve": "CVE-2017-17852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17852",
          "url": "https://www.suse.com/security/cve/CVE-2017-17852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17852",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17852"
    },
    {
      "cve": "CVE-2017-17853",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17853"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17853",
          "url": "https://www.suse.com/security/cve/CVE-2017-17853"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17853",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17853"
    },
    {
      "cve": "CVE-2017-17854",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17854"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17854",
          "url": "https://www.suse.com/security/cve/CVE-2017-17854"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17854",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17854"
    },
    {
      "cve": "CVE-2017-17855",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17855"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17855",
          "url": "https://www.suse.com/security/cve/CVE-2017-17855"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17855",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17855"
    },
    {
      "cve": "CVE-2017-17856",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17856"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17856",
          "url": "https://www.suse.com/security/cve/CVE-2017-17856"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17856",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17856"
    },
    {
      "cve": "CVE-2017-17857",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17857"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17857",
          "url": "https://www.suse.com/security/cve/CVE-2017-17857"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17857",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17857"
    },
    {
      "cve": "CVE-2017-17862",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17862"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17862",
          "url": "https://www.suse.com/security/cve/CVE-2017-17862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1073928 for CVE-2017-17862",
          "url": "https://bugzilla.suse.com/1073928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17862"
    },
    {
      "cve": "CVE-2017-5123",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5123"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5123",
          "url": "https://www.suse.com/security/cve/CVE-2017-5123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1062473 for CVE-2017-5123",
          "url": "https://bugzilla.suse.com/1062473"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1122971 for CVE-2017-5123",
          "url": "https://bugzilla.suse.com/1122971"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5123"
    },
    {
      "cve": "CVE-2017-5715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5715",
          "url": "https://www.suse.com/security/cve/CVE-2017-5715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074741 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074919 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1074919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075007 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075262 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075262"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076115 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076372 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076606 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1076606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1078353 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1078353"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087887 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1088147 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1088147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1091815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1095735 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1095735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102517 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1102517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105108 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1105108"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126516 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1126516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173489 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1173489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201457 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201457"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203236 for CVE-2017-5715",
          "url": "https://bugzilla.suse.com/1203236"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5715"
    },
    {
      "cve": "CVE-2017-5753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5753",
          "url": "https://www.suse.com/security/cve/CVE-2017-5753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075748 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087084 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209547 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1209547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5753"
    },
    {
      "cve": "CVE-2017-5754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5754",
          "url": "https://www.suse.com/security/cve/CVE-2017-5754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075008 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1075008"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115045 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1115045"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5754",
          "url": "https://bugzilla.suse.com/1201877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5754"
    },
    {
      "cve": "CVE-2017-7541",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7541"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7541",
          "url": "https://www.suse.com/security/cve/CVE-2017-7541"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049645 for CVE-2017-7541",
          "url": "https://bugzilla.suse.com/1049645"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7541"
    },
    {
      "cve": "CVE-2017-7542",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7542"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7542",
          "url": "https://www.suse.com/security/cve/CVE-2017-7542"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049882 for CVE-2017-7542",
          "url": "https://bugzilla.suse.com/1049882"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1061936 for CVE-2017-7542",
          "url": "https://bugzilla.suse.com/1061936"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7542"
    },
    {
      "cve": "CVE-2017-8824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8824",
          "url": "https://www.suse.com/security/cve/CVE-2017-8824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070771 for CVE-2017-8824",
          "url": "https://bugzilla.suse.com/1070771"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076734 for CVE-2017-8824",
          "url": "https://bugzilla.suse.com/1076734"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092904 for CVE-2017-8824",
          "url": "https://bugzilla.suse.com/1092904"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8824",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8824"
    },
    {
      "cve": "CVE-2017-8831",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8831"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8831",
          "url": "https://www.suse.com/security/cve/CVE-2017-8831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037994 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1037994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1061936 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1061936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8831",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-8831"
    },
    {
      "cve": "CVE-2018-1000004",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000004"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000004",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000004"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1076017 for CVE-2018-1000004",
          "url": "https://bugzilla.suse.com/1076017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2018-1000004",
          "url": "https://bugzilla.suse.com/1091815"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-1000004"
    },
    {
      "cve": "CVE-2018-10322",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10322"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10322",
          "url": "https://www.suse.com/security/cve/CVE-2018-10322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-10322",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1090749 for CVE-2018-10322",
          "url": "https://bugzilla.suse.com/1090749"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10322"
    },
    {
      "cve": "CVE-2018-10323",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10323"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10323",
          "url": "https://www.suse.com/security/cve/CVE-2018-10323"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-10323",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1090717 for CVE-2018-10323",
          "url": "https://bugzilla.suse.com/1090717"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10323"
    },
    {
      "cve": "CVE-2018-1068",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1068"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1068",
          "url": "https://www.suse.com/security/cve/CVE-2018-1068"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085107 for CVE-2018-1068",
          "url": "https://bugzilla.suse.com/1085107"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085114 for CVE-2018-1068",
          "url": "https://bugzilla.suse.com/1085114"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-1068",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123903 for CVE-2018-1068",
          "url": "https://bugzilla.suse.com/1123903"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1068"
    },
    {
      "cve": "CVE-2018-1118",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1118"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1118",
          "url": "https://www.suse.com/security/cve/CVE-2018-1118"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-1118",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092472 for CVE-2018-1118",
          "url": "https://bugzilla.suse.com/1092472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-1118"
    },
    {
      "cve": "CVE-2018-12232",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12232"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12232",
          "url": "https://www.suse.com/security/cve/CVE-2018-12232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-12232",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1097593 for CVE-2018-12232",
          "url": "https://bugzilla.suse.com/1097593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125907 for CVE-2018-12232",
          "url": "https://bugzilla.suse.com/1125907"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1127757 for CVE-2018-12232",
          "url": "https://bugzilla.suse.com/1127757"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-12232"
    },
    {
      "cve": "CVE-2018-12714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-12714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-12714",
          "url": "https://www.suse.com/security/cve/CVE-2018-12714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098933 for CVE-2018-12714",
          "url": "https://bugzilla.suse.com/1098933"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-12714"
    },
    {
      "cve": "CVE-2018-13053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13053",
          "url": "https://www.suse.com/security/cve/CVE-2018-13053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099924 for CVE-2018-13053",
          "url": "https://bugzilla.suse.com/1099924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2018-13053",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-13053"
    },
    {
      "cve": "CVE-2018-18710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18710",
          "url": "https://www.suse.com/security/cve/CVE-2018-18710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1113751 for CVE-2018-18710",
          "url": "https://bugzilla.suse.com/1113751"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-18710"
    },
    {
      "cve": "CVE-2018-19824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19824",
          "url": "https://www.suse.com/security/cve/CVE-2018-19824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118152 for CVE-2018-19824",
          "url": "https://bugzilla.suse.com/1118152"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-19824"
    },
    {
      "cve": "CVE-2018-5332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5332",
          "url": "https://www.suse.com/security/cve/CVE-2018-5332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075621 for CVE-2018-5332",
          "url": "https://bugzilla.suse.com/1075621"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2018-5332",
          "url": "https://bugzilla.suse.com/1091815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2018-5332",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-5332"
    },
    {
      "cve": "CVE-2018-5333",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5333"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5333",
          "url": "https://www.suse.com/security/cve/CVE-2018-5333"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075617 for CVE-2018-5333",
          "url": "https://bugzilla.suse.com/1075617"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2018-5333",
          "url": "https://bugzilla.suse.com/1091815"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-5333"
    },
    {
      "cve": "CVE-2018-8043",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8043"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8043",
          "url": "https://www.suse.com/security/cve/CVE-2018-8043"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1084829 for CVE-2018-8043",
          "url": "https://bugzilla.suse.com/1084829"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-8043"
    },
    {
      "cve": "CVE-2018-8087",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8087"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8087",
          "url": "https://www.suse.com/security/cve/CVE-2018-8087"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1085053 for CVE-2018-8087",
          "url": "https://bugzilla.suse.com/1085053"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8087"
    },
    {
      "cve": "CVE-2018-8822",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-8822"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-8822",
          "url": "https://www.suse.com/security/cve/CVE-2018-8822"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1086162 for CVE-2018-8822",
          "url": "https://bugzilla.suse.com/1086162"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1090404 for CVE-2018-8822",
          "url": "https://bugzilla.suse.com/1090404"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1091815 for CVE-2018-8822",
          "url": "https://bugzilla.suse.com/1091815"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-8822"
    },
    {
      "cve": "CVE-2019-10207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel\u0027s Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10207",
          "url": "https://www.suse.com/security/cve/CVE-2019-10207"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123959 for CVE-2019-10207",
          "url": "https://bugzilla.suse.com/1123959"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142857 for CVE-2019-10207",
          "url": "https://bugzilla.suse.com/1142857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-10207"
    },
    {
      "cve": "CVE-2019-11477",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11477"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11477",
          "url": "https://www.suse.com/security/cve/CVE-2019-11477"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11477",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137586 for CVE-2019-11477",
          "url": "https://bugzilla.suse.com/1137586"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142129 for CVE-2019-11477",
          "url": "https://bugzilla.suse.com/1142129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1153242 for CVE-2019-11477",
          "url": "https://bugzilla.suse.com/1153242"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-11477"
    },
    {
      "cve": "CVE-2019-11478",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11478"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11478",
          "url": "https://www.suse.com/security/cve/CVE-2019-11478"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11478",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137586 for CVE-2019-11478",
          "url": "https://bugzilla.suse.com/1137586"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142129 for CVE-2019-11478",
          "url": "https://bugzilla.suse.com/1142129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143542 for CVE-2019-11478",
          "url": "https://bugzilla.suse.com/1143542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-11478"
    },
    {
      "cve": "CVE-2019-11479",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-11479"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-11479",
          "url": "https://www.suse.com/security/cve/CVE-2019-11479"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132686 for CVE-2019-11479",
          "url": "https://bugzilla.suse.com/1132686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1137586 for CVE-2019-11479",
          "url": "https://bugzilla.suse.com/1137586"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142129 for CVE-2019-11479",
          "url": "https://bugzilla.suse.com/1142129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1143542 for CVE-2019-11479",
          "url": "https://bugzilla.suse.com/1143542"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-11479"
    },
    {
      "cve": "CVE-2019-14615",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14615"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14615",
          "url": "https://www.suse.com/security/cve/CVE-2019-14615"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160195 for CVE-2019-14615",
          "url": "https://bugzilla.suse.com/1160195"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165881 for CVE-2019-14615",
          "url": "https://bugzilla.suse.com/1165881"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14615"
    },
    {
      "cve": "CVE-2019-14814",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14814"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14814",
          "url": "https://www.suse.com/security/cve/CVE-2019-14814"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146512 for CVE-2019-14814",
          "url": "https://bugzilla.suse.com/1146512"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173664 for CVE-2019-14814",
          "url": "https://bugzilla.suse.com/1173664"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173665 for CVE-2019-14814",
          "url": "https://bugzilla.suse.com/1173665"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14814"
    },
    {
      "cve": "CVE-2019-14896",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14896"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14896",
          "url": "https://www.suse.com/security/cve/CVE-2019-14896"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157157 for CVE-2019-14896",
          "url": "https://bugzilla.suse.com/1157157"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1160468 for CVE-2019-14896",
          "url": "https://bugzilla.suse.com/1160468"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-14896"
    },
    {
      "cve": "CVE-2019-15030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15030",
          "url": "https://www.suse.com/security/cve/CVE-2019-15030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149713 for CVE-2019-15030",
          "url": "https://bugzilla.suse.com/1149713"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15030"
    },
    {
      "cve": "CVE-2019-15031",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15031"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15031",
          "url": "https://www.suse.com/security/cve/CVE-2019-15031"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149713 for CVE-2019-15031",
          "url": "https://bugzilla.suse.com/1149713"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15031"
    },
    {
      "cve": "CVE-2019-15098",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15098"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15098",
          "url": "https://www.suse.com/security/cve/CVE-2019-15098"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146378 for CVE-2019-15098",
          "url": "https://bugzilla.suse.com/1146378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146543 for CVE-2019-15098",
          "url": "https://bugzilla.suse.com/1146543"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15098"
    },
    {
      "cve": "CVE-2019-15099",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15099"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15099",
          "url": "https://www.suse.com/security/cve/CVE-2019-15099"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146368 for CVE-2019-15099",
          "url": "https://bugzilla.suse.com/1146368"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15099"
    },
    {
      "cve": "CVE-2019-15290",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15290"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidate is a duplicate of CVE-2019-15098. Notes: All CVE users should reference CVE-2019-15098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15290",
          "url": "https://www.suse.com/security/cve/CVE-2019-15290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146378 for CVE-2019-15290",
          "url": "https://bugzilla.suse.com/1146378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146519 for CVE-2019-15290",
          "url": "https://bugzilla.suse.com/1146519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1146543 for CVE-2019-15290",
          "url": "https://bugzilla.suse.com/1146543"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158381 for CVE-2019-15290",
          "url": "https://bugzilla.suse.com/1158381"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158834 for CVE-2019-15290",
          "url": "https://bugzilla.suse.com/1158834"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15290"
    },
    {
      "cve": "CVE-2019-15504",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15504"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15504",
          "url": "https://www.suse.com/security/cve/CVE-2019-15504"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1147116 for CVE-2019-15504",
          "url": "https://bugzilla.suse.com/1147116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185852 for CVE-2019-15504",
          "url": "https://bugzilla.suse.com/1185852"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-15504"
    },
    {
      "cve": "CVE-2019-15902",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15902"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15902",
          "url": "https://www.suse.com/security/cve/CVE-2019-15902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149376 for CVE-2019-15902",
          "url": "https://bugzilla.suse.com/1149376"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1155131 for CVE-2019-15902",
          "url": "https://bugzilla.suse.com/1155131"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-15902"
    },
    {
      "cve": "CVE-2019-16231",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16231"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16231",
          "url": "https://www.suse.com/security/cve/CVE-2019-16231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150466 for CVE-2019-16231",
          "url": "https://bugzilla.suse.com/1150466"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-16231"
    },
    {
      "cve": "CVE-2019-16232",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16232"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16232",
          "url": "https://www.suse.com/security/cve/CVE-2019-16232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150465 for CVE-2019-16232",
          "url": "https://bugzilla.suse.com/1150465"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-16232"
    },
    {
      "cve": "CVE-2019-16234",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16234"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16234",
          "url": "https://www.suse.com/security/cve/CVE-2019-16234"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1150452 for CVE-2019-16234",
          "url": "https://bugzilla.suse.com/1150452"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-16234"
    },
    {
      "cve": "CVE-2019-17133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17133",
          "url": "https://www.suse.com/security/cve/CVE-2019-17133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1153158 for CVE-2019-17133",
          "url": "https://bugzilla.suse.com/1153158"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1153161 for CVE-2019-17133",
          "url": "https://bugzilla.suse.com/1153161"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17133"
    },
    {
      "cve": "CVE-2019-17666",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-17666"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-17666",
          "url": "https://www.suse.com/security/cve/CVE-2019-17666"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154372 for CVE-2019-17666",
          "url": "https://bugzilla.suse.com/1154372"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-17666"
    },
    {
      "cve": "CVE-2019-18808",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18808"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18808",
          "url": "https://www.suse.com/security/cve/CVE-2019-18808"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156259 for CVE-2019-18808",
          "url": "https://bugzilla.suse.com/1156259"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189884 for CVE-2019-18808",
          "url": "https://bugzilla.suse.com/1189884"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190534 for CVE-2019-18808",
          "url": "https://bugzilla.suse.com/1190534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18808"
    },
    {
      "cve": "CVE-2019-18812",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18812"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18812",
          "url": "https://www.suse.com/security/cve/CVE-2019-18812"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156277 for CVE-2019-18812",
          "url": "https://bugzilla.suse.com/1156277"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18812"
    },
    {
      "cve": "CVE-2019-18813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18813",
          "url": "https://www.suse.com/security/cve/CVE-2019-18813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156278 for CVE-2019-18813",
          "url": "https://bugzilla.suse.com/1156278"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18813"
    },
    {
      "cve": "CVE-2019-19252",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19252"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19252",
          "url": "https://www.suse.com/security/cve/CVE-2019-19252"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157813 for CVE-2019-19252",
          "url": "https://bugzilla.suse.com/1157813"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19252"
    },
    {
      "cve": "CVE-2019-19332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19332",
          "url": "https://www.suse.com/security/cve/CVE-2019-19332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158827 for CVE-2019-19332",
          "url": "https://bugzilla.suse.com/1158827"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19332"
    },
    {
      "cve": "CVE-2019-19338",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-19338"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \u0027TSX\u0027 enabled. Confidentiality of data is the highest threat associated with this vulnerability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-19338",
          "url": "https://www.suse.com/security/cve/CVE-2019-19338"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158954 for CVE-2019-19338",
          "url": "https://bugzilla.suse.com/1158954"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-19338"
    },
    {
      "cve": "CVE-2019-3016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3016",
          "url": "https://www.suse.com/security/cve/CVE-2019-3016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159281 for CVE-2019-3016",
          "url": "https://bugzilla.suse.com/1159281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1161154 for CVE-2019-3016",
          "url": "https://bugzilla.suse.com/1161154"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3016"
    },
    {
      "cve": "CVE-2019-3846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3846",
          "url": "https://www.suse.com/security/cve/CVE-2019-3846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136424 for CVE-2019-3846",
          "url": "https://bugzilla.suse.com/1136424"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136446 for CVE-2019-3846",
          "url": "https://bugzilla.suse.com/1136446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156330 for CVE-2019-3846",
          "url": "https://bugzilla.suse.com/1156330"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3846"
    },
    {
      "cve": "CVE-2019-3882",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3882"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel\u0027s vfio interface implementation that permits violation of the user\u0027s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3882",
          "url": "https://www.suse.com/security/cve/CVE-2019-3882"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131416 for CVE-2019-3882",
          "url": "https://bugzilla.suse.com/1131416"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131427 for CVE-2019-3882",
          "url": "https://bugzilla.suse.com/1131427"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1133319 for CVE-2019-3882",
          "url": "https://bugzilla.suse.com/1133319"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3882"
    },
    {
      "cve": "CVE-2019-3887",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-3887"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-3887",
          "url": "https://www.suse.com/security/cve/CVE-2019-3887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1131800 for CVE-2019-3887",
          "url": "https://bugzilla.suse.com/1131800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-3887"
    },
    {
      "cve": "CVE-2019-6974",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-6974"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-6974",
          "url": "https://www.suse.com/security/cve/CVE-2019-6974"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124728 for CVE-2019-6974",
          "url": "https://bugzilla.suse.com/1124728"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124729 for CVE-2019-6974",
          "url": "https://bugzilla.suse.com/1124729"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-6974"
    },
    {
      "cve": "CVE-2019-7221",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7221"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7221",
          "url": "https://www.suse.com/security/cve/CVE-2019-7221"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124732 for CVE-2019-7221",
          "url": "https://bugzilla.suse.com/1124732"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124734 for CVE-2019-7221",
          "url": "https://bugzilla.suse.com/1124734"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7221"
    },
    {
      "cve": "CVE-2019-7222",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7222"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7222",
          "url": "https://www.suse.com/security/cve/CVE-2019-7222"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124735 for CVE-2019-7222",
          "url": "https://bugzilla.suse.com/1124735"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-7222"
    },
    {
      "cve": "CVE-2019-8564",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-8564"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-8564",
          "url": "https://www.suse.com/security/cve/CVE-2019-8564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132673 for CVE-2019-8564",
          "url": "https://bugzilla.suse.com/1132673"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132828 for CVE-2019-8564",
          "url": "https://bugzilla.suse.com/1132828"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-8564"
    },
    {
      "cve": "CVE-2019-8912",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-8912"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-8912",
          "url": "https://www.suse.com/security/cve/CVE-2019-8912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1125907 for CVE-2019-8912",
          "url": "https://bugzilla.suse.com/1125907"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126284 for CVE-2019-8912",
          "url": "https://bugzilla.suse.com/1126284"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-8912"
    },
    {
      "cve": "CVE-2019-9500",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-9500"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-9500",
          "url": "https://www.suse.com/security/cve/CVE-2019-9500"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1132681 for CVE-2019-9500",
          "url": "https://bugzilla.suse.com/1132681"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-9500"
    },
    {
      "cve": "CVE-2020-10135",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10135"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10135",
          "url": "https://www.suse.com/security/cve/CVE-2020-10135"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171988 for CVE-2020-10135",
          "url": "https://bugzilla.suse.com/1171988"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-10135"
    },
    {
      "cve": "CVE-2020-10766",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10766"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10766",
          "url": "https://www.suse.com/security/cve/CVE-2020-10766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159281 for CVE-2020-10766",
          "url": "https://bugzilla.suse.com/1159281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172781 for CVE-2020-10766",
          "url": "https://bugzilla.suse.com/1172781"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-10766"
    },
    {
      "cve": "CVE-2020-10767",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10767"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10767",
          "url": "https://www.suse.com/security/cve/CVE-2020-10767"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159281 for CVE-2020-10767",
          "url": "https://bugzilla.suse.com/1159281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172782 for CVE-2020-10767",
          "url": "https://bugzilla.suse.com/1172782"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-10767"
    },
    {
      "cve": "CVE-2020-10768",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-10768"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \u0027force disabled\u0027 when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-10768",
          "url": "https://www.suse.com/security/cve/CVE-2020-10768"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1159281 for CVE-2020-10768",
          "url": "https://bugzilla.suse.com/1159281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172783 for CVE-2020-10768",
          "url": "https://bugzilla.suse.com/1172783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-10768"
    },
    {
      "cve": "CVE-2020-12351",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12351"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12351",
          "url": "https://www.suse.com/security/cve/CVE-2020-12351"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177724 for CVE-2020-12351",
          "url": "https://bugzilla.suse.com/1177724"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177729 for CVE-2020-12351",
          "url": "https://bugzilla.suse.com/1177729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178397 for CVE-2020-12351",
          "url": "https://bugzilla.suse.com/1178397"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-12351"
    },
    {
      "cve": "CVE-2020-12352",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12352"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12352",
          "url": "https://www.suse.com/security/cve/CVE-2020-12352"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177725 for CVE-2020-12352",
          "url": "https://bugzilla.suse.com/1177725"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178398 for CVE-2020-12352",
          "url": "https://bugzilla.suse.com/1178398"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-12352"
    },
    {
      "cve": "CVE-2020-14331",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14331"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14331",
          "url": "https://www.suse.com/security/cve/CVE-2020-14331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174205 for CVE-2020-14331",
          "url": "https://bugzilla.suse.com/1174205"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1174247 for CVE-2020-14331",
          "url": "https://bugzilla.suse.com/1174247"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14331"
    },
    {
      "cve": "CVE-2020-14386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14386",
          "url": "https://www.suse.com/security/cve/CVE-2020-14386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176069 for CVE-2020-14386",
          "url": "https://bugzilla.suse.com/1176069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176072 for CVE-2020-14386",
          "url": "https://bugzilla.suse.com/1176072"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14386"
    },
    {
      "cve": "CVE-2020-24586",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24586"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24586",
          "url": "https://www.suse.com/security/cve/CVE-2020-24586"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185859 for CVE-2020-24586",
          "url": "https://bugzilla.suse.com/1185859"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192868 for CVE-2020-24586",
          "url": "https://bugzilla.suse.com/1192868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-24586"
    },
    {
      "cve": "CVE-2020-24587",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24587"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24587",
          "url": "https://www.suse.com/security/cve/CVE-2020-24587"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185859 for CVE-2020-24587",
          "url": "https://bugzilla.suse.com/1185859"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185862 for CVE-2020-24587",
          "url": "https://bugzilla.suse.com/1185862"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192868 for CVE-2020-24587",
          "url": "https://bugzilla.suse.com/1192868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-24587"
    },
    {
      "cve": "CVE-2020-24588",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24588"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24588",
          "url": "https://www.suse.com/security/cve/CVE-2020-24588"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185861 for CVE-2020-24588",
          "url": "https://bugzilla.suse.com/1185861"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192868 for CVE-2020-24588",
          "url": "https://bugzilla.suse.com/1192868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199701 for CVE-2020-24588",
          "url": "https://bugzilla.suse.com/1199701"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-24588"
    },
    {
      "cve": "CVE-2020-25639",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25639"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25639",
          "url": "https://www.suse.com/security/cve/CVE-2020-25639"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176846 for CVE-2020-25639",
          "url": "https://bugzilla.suse.com/1176846"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25639"
    },
    {
      "cve": "CVE-2020-25656",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25656"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25656",
          "url": "https://www.suse.com/security/cve/CVE-2020-25656"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177766 for CVE-2020-25656",
          "url": "https://bugzilla.suse.com/1177766"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-25656"
    },
    {
      "cve": "CVE-2020-25668",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-25668"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-25668",
          "url": "https://www.suse.com/security/cve/CVE-2020-25668"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178123 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178622 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1178622"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2020-25668",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-25668"
    },
    {
      "cve": "CVE-2020-26141",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-26141"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-26141",
          "url": "https://www.suse.com/security/cve/CVE-2020-26141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185987 for CVE-2020-26141",
          "url": "https://bugzilla.suse.com/1185987"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-26141"
    },
    {
      "cve": "CVE-2020-2732",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-2732"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-2732",
          "url": "https://www.suse.com/security/cve/CVE-2020-2732"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1163971 for CVE-2020-2732",
          "url": "https://bugzilla.suse.com/1163971"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-2732"
    },
    {
      "cve": "CVE-2020-29660",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29660"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29660",
          "url": "https://www.suse.com/security/cve/CVE-2020-29660"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179745 for CVE-2020-29660",
          "url": "https://bugzilla.suse.com/1179745"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179877 for CVE-2020-29660",
          "url": "https://bugzilla.suse.com/1179877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-29660"
    },
    {
      "cve": "CVE-2020-29661",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-29661"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-29661",
          "url": "https://www.suse.com/security/cve/CVE-2020-29661"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179745 for CVE-2020-29661",
          "url": "https://bugzilla.suse.com/1179745"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179877 for CVE-2020-29661",
          "url": "https://bugzilla.suse.com/1179877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214268 for CVE-2020-29661",
          "url": "https://bugzilla.suse.com/1214268"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218966 for CVE-2020-29661",
          "url": "https://bugzilla.suse.com/1218966"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-29661"
    },
    {
      "cve": "CVE-2020-8648",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8648"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8648",
          "url": "https://www.suse.com/security/cve/CVE-2020-8648"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1162928 for CVE-2020-8648",
          "url": "https://bugzilla.suse.com/1162928"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8648"
    },
    {
      "cve": "CVE-2020-8694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8694",
          "url": "https://www.suse.com/security/cve/CVE-2020-8694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170415 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170415"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1170446 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1170446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178591 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178700 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1178700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1179661 for CVE-2020-8694",
          "url": "https://bugzilla.suse.com/1179661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8694"
    },
    {
      "cve": "CVE-2021-23133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23133",
          "url": "https://www.suse.com/security/cve/CVE-2021-23133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184675 for CVE-2021-23133",
          "url": "https://bugzilla.suse.com/1184675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185901 for CVE-2021-23133",
          "url": "https://bugzilla.suse.com/1185901"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23133"
    },
    {
      "cve": "CVE-2021-26708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-26708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-26708",
          "url": "https://www.suse.com/security/cve/CVE-2021-26708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181806 for CVE-2021-26708",
          "url": "https://bugzilla.suse.com/1181806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183298 for CVE-2021-26708",
          "url": "https://bugzilla.suse.com/1183298"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-26708"
    },
    {
      "cve": "CVE-2021-28971",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-28971"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-28971",
          "url": "https://www.suse.com/security/cve/CVE-2021-28971"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184196 for CVE-2021-28971",
          "url": "https://bugzilla.suse.com/1184196"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-28971"
    },
    {
      "cve": "CVE-2021-32606",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-32606"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-32606",
          "url": "https://www.suse.com/security/cve/CVE-2021-32606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185953 for CVE-2021-32606",
          "url": "https://bugzilla.suse.com/1185953"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-32606"
    },
    {
      "cve": "CVE-2021-33909",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-33909"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-33909",
          "url": "https://www.suse.com/security/cve/CVE-2021-33909"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188062 for CVE-2021-33909",
          "url": "https://bugzilla.suse.com/1188062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188063 for CVE-2021-33909",
          "url": "https://bugzilla.suse.com/1188063"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188257 for CVE-2021-33909",
          "url": "https://bugzilla.suse.com/1188257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189302 for CVE-2021-33909",
          "url": "https://bugzilla.suse.com/1189302"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190859 for CVE-2021-33909",
          "url": "https://bugzilla.suse.com/1190859"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-33909"
    },
    {
      "cve": "CVE-2021-3483",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3483"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3483",
          "url": "https://www.suse.com/security/cve/CVE-2021-3483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184393 for CVE-2021-3483",
          "url": "https://bugzilla.suse.com/1184393"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3483"
    },
    {
      "cve": "CVE-2021-3489",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3489"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3489",
          "url": "https://www.suse.com/security/cve/CVE-2021-3489"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185640 for CVE-2021-3489",
          "url": "https://bugzilla.suse.com/1185640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185856 for CVE-2021-3489",
          "url": "https://bugzilla.suse.com/1185856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3489"
    },
    {
      "cve": "CVE-2021-3490",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3490"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3490",
          "url": "https://www.suse.com/security/cve/CVE-2021-3490"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185641 for CVE-2021-3490",
          "url": "https://bugzilla.suse.com/1185641"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185796 for CVE-2021-3490",
          "url": "https://bugzilla.suse.com/1185796"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3490"
    },
    {
      "cve": "CVE-2021-3491",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3491"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3491",
          "url": "https://www.suse.com/security/cve/CVE-2021-3491"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185642 for CVE-2021-3491",
          "url": "https://bugzilla.suse.com/1185642"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1187090 for CVE-2021-3491",
          "url": "https://bugzilla.suse.com/1187090"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3491"
    },
    {
      "cve": "CVE-2021-3542",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3542"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3542",
          "url": "https://www.suse.com/security/cve/CVE-2021-3542"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1184673 for CVE-2021-3542",
          "url": "https://bugzilla.suse.com/1184673"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186063 for CVE-2021-3542",
          "url": "https://bugzilla.suse.com/1186063"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3542"
    },
    {
      "cve": "CVE-2021-3640",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3640"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3640",
          "url": "https://www.suse.com/security/cve/CVE-2021-3640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188172 for CVE-2021-3640",
          "url": "https://bugzilla.suse.com/1188172"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188613 for CVE-2021-3640",
          "url": "https://bugzilla.suse.com/1188613"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191530 for CVE-2021-3640",
          "url": "https://bugzilla.suse.com/1191530"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196810 for CVE-2021-3640",
          "url": "https://bugzilla.suse.com/1196810"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2021-3640",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3640"
    },
    {
      "cve": "CVE-2021-3653",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3653"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3653",
          "url": "https://www.suse.com/security/cve/CVE-2021-3653"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189399 for CVE-2021-3653",
          "url": "https://bugzilla.suse.com/1189399"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189420 for CVE-2021-3653",
          "url": "https://bugzilla.suse.com/1189420"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196914 for CVE-2021-3653",
          "url": "https://bugzilla.suse.com/1196914"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3653"
    },
    {
      "cve": "CVE-2021-3656",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3656"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3656",
          "url": "https://www.suse.com/security/cve/CVE-2021-3656"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189400 for CVE-2021-3656",
          "url": "https://bugzilla.suse.com/1189400"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189418 for CVE-2021-3656",
          "url": "https://bugzilla.suse.com/1189418"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3656"
    },
    {
      "cve": "CVE-2021-3744",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3744"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3744",
          "url": "https://www.suse.com/security/cve/CVE-2021-3744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189884 for CVE-2021-3744",
          "url": "https://bugzilla.suse.com/1189884"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190534 for CVE-2021-3744",
          "url": "https://bugzilla.suse.com/1190534"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3744"
    },
    {
      "cve": "CVE-2021-3753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3753",
          "url": "https://www.suse.com/security/cve/CVE-2021-3753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190025 for CVE-2021-3753",
          "url": "https://bugzilla.suse.com/1190025"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3753"
    },
    {
      "cve": "CVE-2021-37576",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-37576"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-37576",
          "url": "https://www.suse.com/security/cve/CVE-2021-37576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188838 for CVE-2021-37576",
          "url": "https://bugzilla.suse.com/1188838"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188842 for CVE-2021-37576",
          "url": "https://bugzilla.suse.com/1188842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190276 for CVE-2021-37576",
          "url": "https://bugzilla.suse.com/1190276"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-37576"
    },
    {
      "cve": "CVE-2021-3759",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3759"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A memory overflow vulnerability was found in the Linux kernel\u0027s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3759",
          "url": "https://www.suse.com/security/cve/CVE-2021-3759"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1190115 for CVE-2021-3759",
          "url": "https://bugzilla.suse.com/1190115"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3759"
    },
    {
      "cve": "CVE-2021-38166",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-38166"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-38166",
          "url": "https://www.suse.com/security/cve/CVE-2021-38166"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1189233 for CVE-2021-38166",
          "url": "https://bugzilla.suse.com/1189233"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-38166"
    },
    {
      "cve": "CVE-2021-43976",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-43976"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-43976",
          "url": "https://www.suse.com/security/cve/CVE-2021-43976"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1192847 for CVE-2021-43976",
          "url": "https://bugzilla.suse.com/1192847"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-43976"
    },
    {
      "cve": "CVE-2022-0185",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0185"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0185",
          "url": "https://www.suse.com/security/cve/CVE-2022-0185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194517 for CVE-2022-0185",
          "url": "https://bugzilla.suse.com/1194517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194737 for CVE-2022-0185",
          "url": "https://bugzilla.suse.com/1194737"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0185"
    },
    {
      "cve": "CVE-2022-0330",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0330"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A random memory access flaw was found in the Linux kernel\u0027s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0330",
          "url": "https://www.suse.com/security/cve/CVE-2022-0330"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1194880 for CVE-2022-0330",
          "url": "https://bugzilla.suse.com/1194880"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195950 for CVE-2022-0330",
          "url": "https://bugzilla.suse.com/1195950"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0330"
    },
    {
      "cve": "CVE-2022-0847",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0847"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0847",
          "url": "https://www.suse.com/security/cve/CVE-2022-0847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196584 for CVE-2022-0847",
          "url": "https://bugzilla.suse.com/1196584"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196601 for CVE-2022-0847",
          "url": "https://bugzilla.suse.com/1196601"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0847"
    },
    {
      "cve": "CVE-2022-0886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-0886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-0886",
          "url": "https://www.suse.com/security/cve/CVE-2022-0886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197131 for CVE-2022-0886",
          "url": "https://bugzilla.suse.com/1197131"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197133 for CVE-2022-0886",
          "url": "https://bugzilla.suse.com/1197133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1197462 for CVE-2022-0886",
          "url": "https://bugzilla.suse.com/1197462"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-0886"
    },
    {
      "cve": "CVE-2022-1462",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1462"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read flaw was found in the Linux kernel\u0027s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1462",
          "url": "https://www.suse.com/security/cve/CVE-2022-1462"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198829 for CVE-2022-1462",
          "url": "https://bugzilla.suse.com/1198829"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1462"
    },
    {
      "cve": "CVE-2022-1516",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1516"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1516",
          "url": "https://www.suse.com/security/cve/CVE-2022-1516"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199012 for CVE-2022-1516",
          "url": "https://bugzilla.suse.com/1199012"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1516"
    },
    {
      "cve": "CVE-2022-1679",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1679"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in the Linux kernel\u0027s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1679",
          "url": "https://www.suse.com/security/cve/CVE-2022-1679"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199487 for CVE-2022-1679",
          "url": "https://bugzilla.suse.com/1199487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201080 for CVE-2022-1679",
          "url": "https://bugzilla.suse.com/1201080"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201832 for CVE-2022-1679",
          "url": "https://bugzilla.suse.com/1201832"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204132 for CVE-2022-1679",
          "url": "https://bugzilla.suse.com/1204132"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212316 for CVE-2022-1679",
          "url": "https://bugzilla.suse.com/1212316"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1679"
    },
    {
      "cve": "CVE-2022-1729",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1729"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1729",
          "url": "https://www.suse.com/security/cve/CVE-2022-1729"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199507 for CVE-2022-1729",
          "url": "https://bugzilla.suse.com/1199507"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199697 for CVE-2022-1729",
          "url": "https://bugzilla.suse.com/1199697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201832 for CVE-2022-1729",
          "url": "https://bugzilla.suse.com/1201832"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1729"
    },
    {
      "cve": "CVE-2022-1852",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1852"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1852",
          "url": "https://www.suse.com/security/cve/CVE-2022-1852"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199875 for CVE-2022-1852",
          "url": "https://bugzilla.suse.com/1199875"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-1852"
    },
    {
      "cve": "CVE-2022-1966",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1966"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1966",
          "url": "https://www.suse.com/security/cve/CVE-2022-1966"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200015 for CVE-2022-1966",
          "url": "https://bugzilla.suse.com/1200015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200268 for CVE-2022-1966",
          "url": "https://bugzilla.suse.com/1200268"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200494 for CVE-2022-1966",
          "url": "https://bugzilla.suse.com/1200494"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200529 for CVE-2022-1966",
          "url": "https://bugzilla.suse.com/1200529"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1966"
    },
    {
      "cve": "CVE-2022-1972",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1972"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1972",
          "url": "https://www.suse.com/security/cve/CVE-2022-1972"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200019 for CVE-2022-1972",
          "url": "https://bugzilla.suse.com/1200019"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200266 for CVE-2022-1972",
          "url": "https://bugzilla.suse.com/1200266"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1972"
    },
    {
      "cve": "CVE-2022-1973",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-1973"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-1973",
          "url": "https://www.suse.com/security/cve/CVE-2022-1973"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1200023 for CVE-2022-1973",
          "url": "https://bugzilla.suse.com/1200023"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-1973"
    },
    {
      "cve": "CVE-2022-22942",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-22942"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-22942",
          "url": "https://www.suse.com/security/cve/CVE-2022-22942"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195065 for CVE-2022-22942",
          "url": "https://bugzilla.suse.com/1195065"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195951 for CVE-2022-22942",
          "url": "https://bugzilla.suse.com/1195951"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-22942"
    },
    {
      "cve": "CVE-2022-2308",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2308"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2308",
          "url": "https://www.suse.com/security/cve/CVE-2022-2308"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1202573 for CVE-2022-2308",
          "url": "https://bugzilla.suse.com/1202573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-2308"
    },
    {
      "cve": "CVE-2022-24958",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-24958"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-24958",
          "url": "https://www.suse.com/security/cve/CVE-2022-24958"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195905 for CVE-2022-24958",
          "url": "https://bugzilla.suse.com/1195905"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-24958"
    },
    {
      "cve": "CVE-2022-2588",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2588"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2588",
          "url": "https://www.suse.com/security/cve/CVE-2022-2588"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1202096 for CVE-2022-2588",
          "url": "https://bugzilla.suse.com/1202096"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203613 for CVE-2022-2588",
          "url": "https://bugzilla.suse.com/1203613"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204183 for CVE-2022-2588",
          "url": "https://bugzilla.suse.com/1204183"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-2588",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-2588"
    },
    {
      "cve": "CVE-2022-2590",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-2590"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A race condition was found in the way the Linux kernel\u0027s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-2590",
          "url": "https://www.suse.com/security/cve/CVE-2022-2590"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1202013 for CVE-2022-2590",
          "url": "https://bugzilla.suse.com/1202013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1202089 for CVE-2022-2590",
          "url": "https://bugzilla.suse.com/1202089"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-2590"
    },
    {
      "cve": "CVE-2022-26490",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-26490"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-26490",
          "url": "https://www.suse.com/security/cve/CVE-2022-26490"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1196830 for CVE-2022-26490",
          "url": "https://bugzilla.suse.com/1196830"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201656 for CVE-2022-26490",
          "url": "https://bugzilla.suse.com/1201656"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201969 for CVE-2022-26490",
          "url": "https://bugzilla.suse.com/1201969"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211495 for CVE-2022-26490",
          "url": "https://bugzilla.suse.com/1211495"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-26490"
    },
    {
      "cve": "CVE-2022-28388",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28388"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28388",
          "url": "https://www.suse.com/security/cve/CVE-2022-28388"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198032 for CVE-2022-28388",
          "url": "https://bugzilla.suse.com/1198032"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-28388"
    },
    {
      "cve": "CVE-2022-28389",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28389"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28389",
          "url": "https://www.suse.com/security/cve/CVE-2022-28389"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198033 for CVE-2022-28389",
          "url": "https://bugzilla.suse.com/1198033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201657 for CVE-2022-28389",
          "url": "https://bugzilla.suse.com/1201657"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-28389"
    },
    {
      "cve": "CVE-2022-28390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28390",
          "url": "https://www.suse.com/security/cve/CVE-2022-28390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198031 for CVE-2022-28390",
          "url": "https://bugzilla.suse.com/1198031"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201517 for CVE-2022-28390",
          "url": "https://bugzilla.suse.com/1201517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207969 for CVE-2022-28390",
          "url": "https://bugzilla.suse.com/1207969"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-28390"
    },
    {
      "cve": "CVE-2022-28893",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-28893"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-28893",
          "url": "https://www.suse.com/security/cve/CVE-2022-28893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198330 for CVE-2022-28893",
          "url": "https://bugzilla.suse.com/1198330"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-28893"
    },
    {
      "cve": "CVE-2022-29900",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-29900"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-29900",
          "url": "https://www.suse.com/security/cve/CVE-2022-29900"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199657 for CVE-2022-29900",
          "url": "https://bugzilla.suse.com/1199657"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201469 for CVE-2022-29900",
          "url": "https://bugzilla.suse.com/1201469"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207894 for CVE-2022-29900",
          "url": "https://bugzilla.suse.com/1207894"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-29900"
    },
    {
      "cve": "CVE-2022-29901",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-29901"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-29901",
          "url": "https://www.suse.com/security/cve/CVE-2022-29901"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199657 for CVE-2022-29901",
          "url": "https://bugzilla.suse.com/1199657"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201469 for CVE-2022-29901",
          "url": "https://bugzilla.suse.com/1201469"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207894 for CVE-2022-29901",
          "url": "https://bugzilla.suse.com/1207894"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-29901"
    },
    {
      "cve": "CVE-2022-29968",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-29968"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb-\u003eprivate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-29968",
          "url": "https://www.suse.com/security/cve/CVE-2022-29968"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199087 for CVE-2022-29968",
          "url": "https://bugzilla.suse.com/1199087"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2022-29968"
    },
    {
      "cve": "CVE-2022-3424",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-3424"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in the Linux kernel\u0027s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-3424",
          "url": "https://www.suse.com/security/cve/CVE-2022-3424"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204166 for CVE-2022-3424",
          "url": "https://bugzilla.suse.com/1204166"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204167 for CVE-2022-3424",
          "url": "https://bugzilla.suse.com/1204167"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208044 for CVE-2022-3424",
          "url": "https://bugzilla.suse.com/1208044"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212309 for CVE-2022-3424",
          "url": "https://bugzilla.suse.com/1212309"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-3424"
    },
    {
      "cve": "CVE-2022-34918",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-34918"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-34918",
          "url": "https://www.suse.com/security/cve/CVE-2022-34918"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201171 for CVE-2022-34918",
          "url": "https://bugzilla.suse.com/1201171"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201177 for CVE-2022-34918",
          "url": "https://bugzilla.suse.com/1201177"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201222 for CVE-2022-34918",
          "url": "https://bugzilla.suse.com/1201222"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-34918"
    },
    {
      "cve": "CVE-2022-3628",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-3628"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-3628",
          "url": "https://www.suse.com/security/cve/CVE-2022-3628"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204868 for CVE-2022-3628",
          "url": "https://bugzilla.suse.com/1204868"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-3628"
    },
    {
      "cve": "CVE-2022-3640",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-3640"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-3640",
          "url": "https://www.suse.com/security/cve/CVE-2022-3640"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204619 for CVE-2022-3640",
          "url": "https://bugzilla.suse.com/1204619"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204624 for CVE-2022-3640",
          "url": "https://bugzilla.suse.com/1204624"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-3640",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-3640"
    },
    {
      "cve": "CVE-2022-40982",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-40982"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-40982",
          "url": "https://www.suse.com/security/cve/CVE-2022-40982"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206418 for CVE-2022-40982",
          "url": "https://bugzilla.suse.com/1206418"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2022-40982",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-40982"
    },
    {
      "cve": "CVE-2022-41218",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41218"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41218",
          "url": "https://www.suse.com/security/cve/CVE-2022-41218"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1202960 for CVE-2022-41218",
          "url": "https://bugzilla.suse.com/1202960"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203606 for CVE-2022-41218",
          "url": "https://bugzilla.suse.com/1203606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205313 for CVE-2022-41218",
          "url": "https://bugzilla.suse.com/1205313"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-41218",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-41218"
    },
    {
      "cve": "CVE-2022-41674",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41674"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41674",
          "url": "https://www.suse.com/security/cve/CVE-2022-41674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203770 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203994 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-41674"
    },
    {
      "cve": "CVE-2022-42719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42719",
          "url": "https://www.suse.com/security/cve/CVE-2022-42719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204051 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204292 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204292"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42719"
    },
    {
      "cve": "CVE-2022-42720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42720",
          "url": "https://www.suse.com/security/cve/CVE-2022-42720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204059 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204059"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204291 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204291"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42720"
    },
    {
      "cve": "CVE-2022-42721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42721",
          "url": "https://www.suse.com/security/cve/CVE-2022-42721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204060 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204060"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204290 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42721"
    },
    {
      "cve": "CVE-2022-42722",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42722"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42722",
          "url": "https://www.suse.com/security/cve/CVE-2022-42722"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204125 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1204125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204289 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1204289"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42722",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42722"
    },
    {
      "cve": "CVE-2022-4379",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-4379"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-4379",
          "url": "https://www.suse.com/security/cve/CVE-2022-4379"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206209 for CVE-2022-4379",
          "url": "https://bugzilla.suse.com/1206209"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1206373 for CVE-2022-4379",
          "url": "https://bugzilla.suse.com/1206373"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-4379"
    },
    {
      "cve": "CVE-2022-44032",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44032"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44032",
          "url": "https://www.suse.com/security/cve/CVE-2022-44032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204894 for CVE-2022-44032",
          "url": "https://bugzilla.suse.com/1204894"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212290 for CVE-2022-44032",
          "url": "https://bugzilla.suse.com/1212290"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44032"
    },
    {
      "cve": "CVE-2022-44033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44033",
          "url": "https://www.suse.com/security/cve/CVE-2022-44033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204922 for CVE-2022-44033",
          "url": "https://bugzilla.suse.com/1204922"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212306 for CVE-2022-44033",
          "url": "https://bugzilla.suse.com/1212306"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44033"
    },
    {
      "cve": "CVE-2022-44034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-44034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-44034",
          "url": "https://www.suse.com/security/cve/CVE-2022-44034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204901 for CVE-2022-44034",
          "url": "https://bugzilla.suse.com/1204901"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-44034"
    },
    {
      "cve": "CVE-2022-45884",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45884"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45884",
          "url": "https://www.suse.com/security/cve/CVE-2022-45884"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205756 for CVE-2022-45884",
          "url": "https://bugzilla.suse.com/1205756"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45884"
    },
    {
      "cve": "CVE-2022-45885",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45885"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45885",
          "url": "https://www.suse.com/security/cve/CVE-2022-45885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205758 for CVE-2022-45885",
          "url": "https://bugzilla.suse.com/1205758"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45885"
    },
    {
      "cve": "CVE-2022-45886",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45886"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45886",
          "url": "https://www.suse.com/security/cve/CVE-2022-45886"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205760 for CVE-2022-45886",
          "url": "https://bugzilla.suse.com/1205760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45886"
    },
    {
      "cve": "CVE-2022-45887",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45887"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45887",
          "url": "https://www.suse.com/security/cve/CVE-2022-45887"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205762 for CVE-2022-45887",
          "url": "https://bugzilla.suse.com/1205762"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220015 for CVE-2022-45887",
          "url": "https://bugzilla.suse.com/1220015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45887"
    },
    {
      "cve": "CVE-2022-45888",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45888"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45888",
          "url": "https://www.suse.com/security/cve/CVE-2022-45888"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205764 for CVE-2022-45888",
          "url": "https://bugzilla.suse.com/1205764"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45888"
    },
    {
      "cve": "CVE-2022-45919",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45919"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45919",
          "url": "https://www.suse.com/security/cve/CVE-2022-45919"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205803 for CVE-2022-45919",
          "url": "https://bugzilla.suse.com/1205803"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208600 for CVE-2022-45919",
          "url": "https://bugzilla.suse.com/1208600"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208912 for CVE-2022-45919",
          "url": "https://bugzilla.suse.com/1208912"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214128 for CVE-2022-45919",
          "url": "https://bugzilla.suse.com/1214128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2022-45919",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-45919"
    },
    {
      "cve": "CVE-2022-45934",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-45934"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-45934",
          "url": "https://www.suse.com/security/cve/CVE-2022-45934"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205796 for CVE-2022-45934",
          "url": "https://bugzilla.suse.com/1205796"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212292 for CVE-2022-45934",
          "url": "https://bugzilla.suse.com/1212292"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-45934"
    },
    {
      "cve": "CVE-2023-0045",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-0045"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set   function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.   The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit  a664ec9158eeddd75121d39c9a0758016097fa96",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-0045",
          "url": "https://www.suse.com/security/cve/CVE-2023-0045"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207773 for CVE-2023-0045",
          "url": "https://bugzilla.suse.com/1207773"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-0045"
    },
    {
      "cve": "CVE-2023-1076",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1076"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1076",
          "url": "https://www.suse.com/security/cve/CVE-2023-1076"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208599 for CVE-2023-1076",
          "url": "https://bugzilla.suse.com/1208599"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214019 for CVE-2023-1076",
          "url": "https://bugzilla.suse.com/1214019"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-1076"
    },
    {
      "cve": "CVE-2023-1078",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1078"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1078",
          "url": "https://www.suse.com/security/cve/CVE-2023-1078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208601 for CVE-2023-1078",
          "url": "https://bugzilla.suse.com/1208601"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208603 for CVE-2023-1078",
          "url": "https://bugzilla.suse.com/1208603"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1078"
    },
    {
      "cve": "CVE-2023-1192",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1192"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1192",
          "url": "https://www.suse.com/security/cve/CVE-2023-1192"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208995 for CVE-2023-1192",
          "url": "https://bugzilla.suse.com/1208995"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-1192"
    },
    {
      "cve": "CVE-2023-1380",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1380"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-\u003ereq_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1380",
          "url": "https://www.suse.com/security/cve/CVE-2023-1380"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209287 for CVE-2023-1380",
          "url": "https://bugzilla.suse.com/1209287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-1380"
    },
    {
      "cve": "CVE-2023-20569",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20569"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20569",
          "url": "https://www.suse.com/security/cve/CVE-2023-20569"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213287 for CVE-2023-20569",
          "url": "https://bugzilla.suse.com/1213287"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-20569"
    },
    {
      "cve": "CVE-2023-20593",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20593"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20593",
          "url": "https://www.suse.com/security/cve/CVE-2023-20593"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213286 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1213286"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213616 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1213616"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2023-20593",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-20593"
    },
    {
      "cve": "CVE-2023-2124",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-2124"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-2124",
          "url": "https://www.suse.com/security/cve/CVE-2023-2124"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210498 for CVE-2023-2124",
          "url": "https://bugzilla.suse.com/1210498"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-2124"
    },
    {
      "cve": "CVE-2023-31084",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-31084"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(\u0026fepriv-\u003esem) is called. However, wait_event_interruptible would put the process to sleep, and down(\u0026fepriv-\u003esem) may block the process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-31084",
          "url": "https://www.suse.com/security/cve/CVE-2023-31084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210783 for CVE-2023-31084",
          "url": "https://bugzilla.suse.com/1210783"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-31084"
    },
    {
      "cve": "CVE-2023-3141",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-3141"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-3141",
          "url": "https://www.suse.com/security/cve/CVE-2023-3141"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212129 for CVE-2023-3141",
          "url": "https://bugzilla.suse.com/1212129"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215674 for CVE-2023-3141",
          "url": "https://bugzilla.suse.com/1215674"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-3141"
    },
    {
      "cve": "CVE-2023-3269",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-3269"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-3269",
          "url": "https://www.suse.com/security/cve/CVE-2023-3269"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212395 for CVE-2023-3269",
          "url": "https://bugzilla.suse.com/1212395"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213760 for CVE-2023-3269",
          "url": "https://bugzilla.suse.com/1213760"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-3269"
    },
    {
      "cve": "CVE-2023-39192",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-39192"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-39192",
          "url": "https://www.suse.com/security/cve/CVE-2023-39192"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215858 for CVE-2023-39192",
          "url": "https://bugzilla.suse.com/1215858"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220015 for CVE-2023-39192",
          "url": "https://bugzilla.suse.com/1220015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-39192"
    },
    {
      "cve": "CVE-2023-39193",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-39193"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-39193",
          "url": "https://www.suse.com/security/cve/CVE-2023-39193"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215860 for CVE-2023-39193",
          "url": "https://bugzilla.suse.com/1215860"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220015 for CVE-2023-39193",
          "url": "https://bugzilla.suse.com/1220015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-39193"
    },
    {
      "cve": "CVE-2023-4128",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-4128"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208.  Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-4128",
          "url": "https://www.suse.com/security/cve/CVE-2023-4128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214149 for CVE-2023-4128",
          "url": "https://bugzilla.suse.com/1214149"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-4128"
    },
    {
      "cve": "CVE-2023-4134",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-4134"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-4134",
          "url": "https://www.suse.com/security/cve/CVE-2023-4134"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213971 for CVE-2023-4134",
          "url": "https://bugzilla.suse.com/1213971"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-4134"
    },
    {
      "cve": "CVE-2023-4194",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-4194"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel\u0027s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\"), - 66b2c338adce (\"tap: tap_open(): correctly initialize socket uid\"), pass \"inode-\u003ei_uid\" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-4194",
          "url": "https://www.suse.com/security/cve/CVE-2023-4194"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214019 for CVE-2023-4194",
          "url": "https://bugzilla.suse.com/1214019"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-4194"
    },
    {
      "cve": "CVE-2023-42753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42753",
          "url": "https://www.suse.com/security/cve/CVE-2023-42753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215150 for CVE-2023-42753",
          "url": "https://bugzilla.suse.com/1215150"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218613 for CVE-2023-42753",
          "url": "https://bugzilla.suse.com/1218613"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-42753"
    },
    {
      "cve": "CVE-2023-42754",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42754"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42754",
          "url": "https://www.suse.com/security/cve/CVE-2023-42754"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215467 for CVE-2023-42754",
          "url": "https://bugzilla.suse.com/1215467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1222212 for CVE-2023-42754",
          "url": "https://bugzilla.suse.com/1222212"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-42754"
    },
    {
      "cve": "CVE-2023-42756",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42756"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42756",
          "url": "https://www.suse.com/security/cve/CVE-2023-42756"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215767 for CVE-2023-42756",
          "url": "https://bugzilla.suse.com/1215767"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-42756"
    },
    {
      "cve": "CVE-2023-4623",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-4623"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-4623",
          "url": "https://www.suse.com/security/cve/CVE-2023-4623"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215115 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1215115"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215440 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1215440"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217444 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1217444"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217531 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1217531"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1219698 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1219698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221578 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1221578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1221598 for CVE-2023-4623",
          "url": "https://bugzilla.suse.com/1221598"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-4623"
    },
    {
      "cve": "CVE-2023-46813",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46813"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46813",
          "url": "https://www.suse.com/security/cve/CVE-2023-46813"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1212649 for CVE-2023-46813",
          "url": "https://bugzilla.suse.com/1212649"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216896 for CVE-2023-46813",
          "url": "https://bugzilla.suse.com/1216896"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-46813"
    },
    {
      "cve": "CVE-2023-4881",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-4881"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-4881",
          "url": "https://www.suse.com/security/cve/CVE-2023-4881"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215221 for CVE-2023-4881",
          "url": "https://bugzilla.suse.com/1215221"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-4881"
    },
    {
      "cve": "CVE-2023-5345",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-5345"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s fs/smb/client component can be exploited to achieve local privilege escalation.\n\nIn case of an error in smb3_fs_context_parse_param, ctx-\u003epassword was freed but the field was not set to NULL which could lead to double free.\n\nWe recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-5345",
          "url": "https://www.suse.com/security/cve/CVE-2023-5345"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215899 for CVE-2023-5345",
          "url": "https://bugzilla.suse.com/1215899"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1215971 for CVE-2023-5345",
          "url": "https://bugzilla.suse.com/1215971"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-5345"
    },
    {
      "cve": "CVE-2023-6606",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-6606"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-6606",
          "url": "https://www.suse.com/security/cve/CVE-2023-6606"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217947 for CVE-2023-6606",
          "url": "https://bugzilla.suse.com/1217947"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1220015 for CVE-2023-6606",
          "url": "https://bugzilla.suse.com/1220015"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-6606"
    },
    {
      "cve": "CVE-2023-6610",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-6610"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
          "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-6610",
          "url": "https://www.suse.com/security/cve/CVE-2023-6610"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1217946 for CVE-2023-6610",
          "url": "https://bugzilla.suse.com/1217946"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
            "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-6610"
    }
  ]
}

SSA-794697

Vulnerability from csaf_siemens - Published: 2023-06-13 00:00 - Updated: 2024-04-09 00:00

Summary

SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1

Notes

Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

CVE-2020-12762

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-3759

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-4037

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-284 - Improper Access Control

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-33655

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2021-44879

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-0171

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1012

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1015

6.6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1184

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1292

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1343

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1434

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1462

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1473

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1679

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1852

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-1882

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2068

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2078

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2097

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-326 - Inadequate Encryption Strength

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2153

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2274

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2327

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-415 - Double Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2503

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-287 - Improper Authentication

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2586

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2588

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2602

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2663

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2905

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2959

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-2978

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3028

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3104

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3115

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3169

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3303

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3521

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3524

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3534

8.0 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3545

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3564

7.1 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3565

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3586

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3594

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3606

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3621

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3625

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3628

6.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3629

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3633

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3635

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3646

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-3649

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4095

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4129

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4139

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-401 - Missing Release of Memory after Effective Lifetime

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4269

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-833 - Deadlock

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4304

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

CWE-326 - Inadequate Encryption Strength

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4450

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-415 - Double Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-4662

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-455 - Non-exit on Failed Initialization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20421

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20422

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20566

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-20572

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-863 - Incorrect Authorization

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21123

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21125

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21166

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-459 - Incomplete Cleanup

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-21505

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-305 - Authentication Bypass by Primary Weakness

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-26373

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-32250

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-32296

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CWE-203 - Observable Discrepancy

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-34918

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36123

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-311 - Missing Encryption of Sensitive Data

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36280

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36879

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-36946

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-39188

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-39190

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-40307

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-40768

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-668 - Exposure of Resource to Wrong Sphere

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41218

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41222

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41674

8.1 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41849

4.2 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-41850

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42328

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42329

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-667 - Improper Locking

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42432

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-457 - Use of Uninitialized Variable

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42703

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42719

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42720

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42721

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42722

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42895

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-824 - Access of Uninitialized Pointer

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-42896

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-43750

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47518

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47520

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47929

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2022-47946

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0215

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0286

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0464

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0465

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0466

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE-295 - Improper Certificate Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-0590

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1077

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1095

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-1206

5.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-2898

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3141

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3268

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3338

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3389

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3446

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3609

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3610

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3611

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3772

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3773

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-3777

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4004

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4015

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4273

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4623

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4911

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-4921

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5178

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5197

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5678

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-5717

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6606

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6931

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-6932

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-7008

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-300 - Channel Accessible by Non-Endpoint

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-7104

5.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23454

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23455

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-23559

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-190 - Integer Overflow or Wraparound

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-26607

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-31085

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-369 - Divide By Zero

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-31436

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-32233

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-35001

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-35827

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-36660

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-37453

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39189

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39192

6.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39193

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-39194

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42753

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42754

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-42755

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-45863

6.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-45871

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-48795

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C

CWE-222 - Truncation of Security-relevant Information

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-50495

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51384

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51385

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2023-51767

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0232

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0553

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

CWE-203 - Observable Discrepancy

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0567

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0584

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-0684

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-22365

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-20 - Improper Input Validation

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

CVE-2024-25062

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem Siemens / SIMATIC S7-1500 TM MFP - GNU/Linux subsystem		<V1.1	Vendor Fix fix Workaround

References

4 references

URL	Category
https://cert-portal.siemens.com/productcert/html/…	self
https://cert-portal.siemens.com/productcert/csaf/…	self
https://cert-portal.siemens.com/productcert/pdf/s…	self
https://cert-portal.siemens.com/productcert/txt/s…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.\n\nSiemens has released a new version for SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem and recommends to update to the latest version.\n\nThis advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-265688.html).",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-794697.json"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-794697.txt"
      }
    ],
    "title": "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1",
    "tracking": {
      "current_release_date": "2024-04-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-794697",
      "initial_release_date": "2023-06-13T00:00:00Z",
      "revision_history": [
        {
          "date": "2023-06-13T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2023-07-11T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233"
        },
        {
          "date": "2023-08-08T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, \r\nCVE-2023-3609"
        },
        {
          "date": "2023-09-12T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added CVE-2023-3338"
        },
        {
          "date": "2023-11-14T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755"
        },
        {
          "date": "2023-12-12T00:00:00Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Added CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5678, CVE-2023-5717, CVE-2023-31085, CVE-2023-35827, CVE-2023-39189, CVE-2023-42754, CVE-2023-45863, CVE-2023-45871"
        },
        {
          "date": "2024-01-09T00:00:00Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Added CVE-2023-48795"
        },
        {
          "date": "2024-02-13T00:00:00Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Added CVE-2020-12762, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2023-7104, CVE-2023-36660, CVE-2023-50495, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-0232, CVE-2024-0553, CVE-2024-0567, CVE-2024-0584, CVE-2024-0684, CVE-2024-22365, CVE-2024-25062"
        },
        {
          "date": "2024-04-09T00:00:00Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Added fix for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem"
        }
      ],
      "status": "interim",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV1.1",
                "product": {
                  "name": "SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1500 TM MFP -\u00a0GNU/Linux subsystem"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12762",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2020-12762"
    },
    {
      "cve": "CVE-2021-3759",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory overflow vulnerability was found in the Linux kernel\u2019s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-3759"
    },
    {
      "cve": "CVE-2021-4037",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-4037"
    },
    {
      "cve": "CVE-2021-33655",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-33655"
    },
    {
      "cve": "CVE-2021-44879",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2021-44879"
    },
    {
      "cve": "CVE-2022-0171",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-0171"
    },
    {
      "cve": "CVE-2022-1012",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1012"
    },
    {
      "cve": "CVE-2022-1015",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1015"
    },
    {
      "cve": "CVE-2022-1184",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel\u2019s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1184"
    },
    {
      "cve": "CVE-2022-1292",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1292"
    },
    {
      "cve": "CVE-2022-1343",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1343"
    },
    {
      "cve": "CVE-2022-1434",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "summary",
          "text": "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1434"
    },
    {
      "cve": "CVE-2022-1462",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1462"
    },
    {
      "cve": "CVE-2022-1473",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1473"
    },
    {
      "cve": "CVE-2022-1679",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1679"
    },
    {
      "cve": "CVE-2022-1852",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel\u2019s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1852"
    },
    {
      "cve": "CVE-2022-1882",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u2019s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-1882"
    },
    {
      "cve": "CVE-2022-2068",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2068"
    },
    {
      "cve": "CVE-2022-2078",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in the Linux kernel\u0027s nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2078"
    },
    {
      "cve": "CVE-2022-2097",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2097"
    },
    {
      "cve": "CVE-2022-2153",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u2019s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2153"
    },
    {
      "cve": "CVE-2022-2274",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2274"
    },
    {
      "cve": "CVE-2022-2327",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2327"
    },
    {
      "cve": "CVE-2022-2503",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2503"
    },
    {
      "cve": "CVE-2022-2586",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2586"
    },
    {
      "cve": "CVE-2022-2588",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2588"
    },
    {
      "cve": "CVE-2022-2602",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2602"
    },
    {
      "cve": "CVE-2022-2663",
      "cwe": {
        "id": "CWE-923",
        "name": "Improper Restriction of Communication Channel to Intended Endpoints"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2663"
    },
    {
      "cve": "CVE-2022-2905",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds memory read flaw was found in the Linux kernel\u0027s BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2905"
    },
    {
      "cve": "CVE-2022-2959",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2959"
    },
    {
      "cve": "CVE-2022-2978",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-2978"
    },
    {
      "cve": "CVE-2022-3028",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3028"
    },
    {
      "cve": "CVE-2022-3104",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3104"
    },
    {
      "cve": "CVE-2022-3115",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3115"
    },
    {
      "cve": "CVE-2022-3169",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3169"
    },
    {
      "cve": "CVE-2022-3303",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3303"
    },
    {
      "cve": "CVE-2022-3521",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3521"
    },
    {
      "cve": "CVE-2022-3524",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3524"
    },
    {
      "cve": "CVE-2022-3534",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3534"
    },
    {
      "cve": "CVE-2022-3545",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3545"
    },
    {
      "cve": "CVE-2022-3564",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-3565",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3565"
    },
    {
      "cve": "CVE-2022-3586",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u2019s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3586"
    },
    {
      "cve": "CVE-2022-3594",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3594"
    },
    {
      "cve": "CVE-2022-3606",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3606"
    },
    {
      "cve": "CVE-2022-3621",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3621"
    },
    {
      "cve": "CVE-2022-3625",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3625"
    },
    {
      "cve": "CVE-2022-3628",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3628"
    },
    {
      "cve": "CVE-2022-3629",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3629"
    },
    {
      "cve": "CVE-2022-3633",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3633"
    },
    {
      "cve": "CVE-2022-3635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3635"
    },
    {
      "cve": "CVE-2022-3646",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3646"
    },
    {
      "cve": "CVE-2022-3649",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-3649"
    },
    {
      "cve": "CVE-2022-4095",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4095"
    },
    {
      "cve": "CVE-2022-4129",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4129"
    },
    {
      "cve": "CVE-2022-4139",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4139"
    },
    {
      "cve": "CVE-2022-4269",
      "cwe": {
        "id": "CWE-833",
        "name": "Deadlock"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4269"
    },
    {
      "cve": "CVE-2022-4304",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-4450",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4450"
    },
    {
      "cve": "CVE-2022-4662",
      "cwe": {
        "id": "CWE-455",
        "name": "Non-exit on Failed Initialization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-4662"
    },
    {
      "cve": "CVE-2022-20421",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-20421"
    },
    {
      "cve": "CVE-2022-20422",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-20422"
    },
    {
      "cve": "CVE-2022-20566",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-20566"
    },
    {
      "cve": "CVE-2022-20572",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-20572"
    },
    {
      "cve": "CVE-2022-21123",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-21123"
    },
    {
      "cve": "CVE-2022-21125",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-21125"
    },
    {
      "cve": "CVE-2022-21166",
      "cwe": {
        "id": "CWE-459",
        "name": "Incomplete Cleanup"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-21166"
    },
    {
      "cve": "CVE-2022-21505",
      "cwe": {
        "id": "CWE-305",
        "name": "Authentication Bypass by Primary Weakness"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-21505"
    },
    {
      "cve": "CVE-2022-26373",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-26373"
    },
    {
      "cve": "CVE-2022-32250",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-32250"
    },
    {
      "cve": "CVE-2022-32296",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-32296"
    },
    {
      "cve": "CVE-2022-34918",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-34918"
    },
    {
      "cve": "CVE-2022-36123",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-36123"
    },
    {
      "cve": "CVE-2022-36280",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-36280"
    },
    {
      "cve": "CVE-2022-36879",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-36879"
    },
    {
      "cve": "CVE-2022-36946",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb-\u003elen.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-36946"
    },
    {
      "cve": "CVE-2022-39188",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-39188"
    },
    {
      "cve": "CVE-2022-39190",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-39190"
    },
    {
      "cve": "CVE-2022-40307",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-40307"
    },
    {
      "cve": "CVE-2022-40768",
      "cwe": {
        "id": "CWE-668",
        "name": "Exposure of Resource to Wrong Sphere"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-40768"
    },
    {
      "cve": "CVE-2022-41218",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-41218"
    },
    {
      "cve": "CVE-2022-41222",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-41222"
    },
    {
      "cve": "CVE-2022-41674",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-41674"
    },
    {
      "cve": "CVE-2022-41849",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-41849"
    },
    {
      "cve": "CVE-2022-41850",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report-\u003evalue is in progress.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-41850"
    },
    {
      "cve": "CVE-2022-42328",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42328"
    },
    {
      "cve": "CVE-2022-42329",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Guests can trigger deadlock in Linux netback drive. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42329"
    },
    {
      "cve": "CVE-2022-42432",
      "cwe": {
        "id": "CWE-457",
        "name": "Use of Uninitialized Variable"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42432"
    },
    {
      "cve": "CVE-2022-42703",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42703"
    },
    {
      "cve": "CVE-2022-42719",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42719"
    },
    {
      "cve": "CVE-2022-42720",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42720"
    },
    {
      "cve": "CVE-2022-42721",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42721"
    },
    {
      "cve": "CVE-2022-42722",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42722"
    },
    {
      "cve": "CVE-2022-42895",
      "cwe": {
        "id": "CWE-824",
        "name": "Access of Uninitialized Pointer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42895"
    },
    {
      "cve": "CVE-2022-42896",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-42896"
    },
    {
      "cve": "CVE-2022-43750",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor\u0027s internal memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-43750"
    },
    {
      "cve": "CVE-2022-47518",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-47518"
    },
    {
      "cve": "CVE-2022-47520",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-47520"
    },
    {
      "cve": "CVE-2022-47929",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-47929"
    },
    {
      "cve": "CVE-2022-47946",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2022-47946"
    },
    {
      "cve": "CVE-2023-0215",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0464",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0464"
    },
    {
      "cve": "CVE-2023-0465",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2023-0466",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0590",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-0590"
    },
    {
      "cve": "CVE-2023-1077",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-1077"
    },
    {
      "cve": "CVE-2023-1095",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-1095"
    },
    {
      "cve": "CVE-2023-1206",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel\u2019s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-1206"
    },
    {
      "cve": "CVE-2023-2898",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-2898"
    },
    {
      "cve": "CVE-2023-3141",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3141"
    },
    {
      "cve": "CVE-2023-3268",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3268"
    },
    {
      "cve": "CVE-2023-3338",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A null pointer dereference flaw was found in the Linux kernel\u0027s DECnet networking protocol. This issue could allow a remote user to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3338"
    },
    {
      "cve": "CVE-2023-3389",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\r\n\r\nWe recommend upgrading past commit `ef7dfac51d8ed961b742218f526bd589f3900a59`  \r\n(`4716c73b188566865bdd79c3a6709696a224ac04` for 5.10 stable and   \r\n`0e388fce7aec40992eadee654193cad345d62663` for 5.15 stable).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3389"
    },
    {
      "cve": "CVE-2023-3446",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus (\u0027p\u0027 parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-3609",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3609"
    },
    {
      "cve": "CVE-2023-3610",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3610"
    },
    {
      "cve": "CVE-2023-3611",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3611"
    },
    {
      "cve": "CVE-2023-3772",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3772"
    },
    {
      "cve": "CVE-2023-3773",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Linux kernel\u0027s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3773"
    },
    {
      "cve": "CVE-2023-3777",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain\u0027s owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-3777"
    },
    {
      "cve": "CVE-2023-4004",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free flaw was found in the Linux kernel\u0027s netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4004"
    },
    {
      "cve": "CVE-2023-4015",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4015"
    },
    {
      "cve": "CVE-2023-4273",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this vulnerability to overflow the kernel stack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4273"
    },
    {
      "cve": "CVE-2023-4623",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4623"
    },
    {
      "cve": "CVE-2023-4911",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow was discovered in the GNU C Library\u0027s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4911"
    },
    {
      "cve": "CVE-2023-4921",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-4921"
    },
    {
      "cve": "CVE-2023-5178",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-5178"
    },
    {
      "cve": "CVE-2023-5197",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-5197"
    },
    {
      "cve": "CVE-2023-5678",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn\u0027t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn\u0027t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-5678"
    },
    {
      "cve": "CVE-2023-5717",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event\u0027s sibling_list is smaller than its child\u0027s sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-5717"
    },
    {
      "cve": "CVE-2023-6606",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6606"
    },
    {
      "cve": "CVE-2023-6931",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap out-of-bounds write vulnerability in the Linux kernel\u0027s Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event\u0027s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6931"
    },
    {
      "cve": "CVE-2023-6932",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free vulnerability in the Linux kernel\u0027s ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-6932"
    },
    {
      "cve": "CVE-2023-7008",
      "cwe": {
        "id": "CWE-300",
        "name": "Channel Accessible by Non-Endpoint"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-7008"
    },
    {
      "cve": "CVE-2023-7104",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2023-23454",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-23454"
    },
    {
      "cve": "CVE-2023-23455",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-23455"
    },
    {
      "cve": "CVE-2023-23559",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-23559"
    },
    {
      "cve": "CVE-2023-26607",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-26607"
    },
    {
      "cve": "CVE-2023-31085",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-\u003eerasesize), used indirectly by ctrl_cdev_ioctl, when mtd-\u003eerasesize is 0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-31085"
    },
    {
      "cve": "CVE-2023-31436",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-31436"
    },
    {
      "cve": "CVE-2023-32233",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-32233"
    },
    {
      "cve": "CVE-2023-35001",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-35001"
    },
    {
      "cve": "CVE-2023-35827",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-35827"
    },
    {
      "cve": "CVE-2023-36660",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-36660"
    },
    {
      "cve": "CVE-2023-37453",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-37453"
    },
    {
      "cve": "CVE-2023-39189",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-39189"
    },
    {
      "cve": "CVE-2023-39192",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-39192"
    },
    {
      "cve": "CVE-2023-39193",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-39193"
    },
    {
      "cve": "CVE-2023-39194",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-39194"
    },
    {
      "cve": "CVE-2023-42753",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-42753"
    },
    {
      "cve": "CVE-2023-42754",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-42754"
    },
    {
      "cve": "CVE-2023-42755",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-42755"
    },
    {
      "cve": "CVE-2023-45863",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-45863"
    },
    {
      "cve": "CVE-2023-45871",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-45871"
    },
    {
      "cve": "CVE-2023-48795",
      "cwe": {
        "id": "CWE-222",
        "name": "Truncation of Security-relevant Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-50495",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-50495"
    },
    {
      "cve": "CVE-2023-51384",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-51384"
    },
    {
      "cve": "CVE-2023-51385",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-51385"
    },
    {
      "cve": "CVE-2023-51767",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2023-51767"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0553",
      "cwe": {
        "id": "CWE-203",
        "name": "Observable Discrepancy"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0553"
    },
    {
      "cve": "CVE-2024-0567",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0567"
    },
    {
      "cve": "CVE-2024-0584",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0584"
    },
    {
      "cve": "CVE-2024-0684",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-0684"
    },
    {
      "cve": "CVE-2024-22365",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-22365"
    },
    {
      "cve": "CVE-2024-25062",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V1.1 or later version",
          "product_ids": [
            "1"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109827684/"
        },
        {
          "category": "workaround",
          "details": "Only build and run applications from trusted sources",
          "product_ids": [
            "1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1"
          ]
        }
      ],
      "title": "CVE-2024-25062"
    }
  ]
}

SUSE-SU-2022:3601-1

Vulnerability from csaf_suse - Published: 2022-10-17 11:51 - Updated: 2022-10-17 11:51

Summary

Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)

Severity

Important

Notes

Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)

Description of the patch: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994). - CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292). - CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291). - CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290). - CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).

Patchnames: SUSE-2022-3601,SUSE-SLE-Module-Live-Patching-15-SP4-2022-3601

CVE-2022-39189

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-41674

8.8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42719

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42720

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2022-42721

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 3 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

34 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1203067	self
https://bugzilla.suse.com/1203994	self
https://bugzilla.suse.com/1204290	self
https://bugzilla.suse.com/1204291	self
https://bugzilla.suse.com/1204292	self
https://www.suse.com/security/cve/CVE-2022-39189/	self
https://www.suse.com/security/cve/CVE-2022-41674/	self
https://www.suse.com/security/cve/CVE-2022-42719/	self
https://www.suse.com/security/cve/CVE-2022-42720/	self
https://www.suse.com/security/cve/CVE-2022-42721/	self
https://www.suse.com/security/cve/CVE-2022-39189	external
https://bugzilla.suse.com/1203066	external
https://bugzilla.suse.com/1203067	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-41674	external
https://bugzilla.suse.com/1203770	external
https://bugzilla.suse.com/1203994	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42719	external
https://bugzilla.suse.com/1204051	external
https://bugzilla.suse.com/1204292	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42720	external
https://bugzilla.suse.com/1204059	external
https://bugzilla.suse.com/1204291	external
https://bugzilla.suse.com/1209225	external
https://www.suse.com/security/cve/CVE-2022-42721	external
https://bugzilla.suse.com/1204060	external
https://bugzilla.suse.com/1204290	external
https://bugzilla.suse.com/1209225	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-41674: Fixed buffer overflow that can be triggered by injected WLAN frames (bsc#1203994).\n- CVE-2022-42719: Fixed use-after-free in the mac80211 stack when parsing a multi-BSSID element (bsc#1204292).\n- CVE-2022-42720: Fixed refcounting bugs in the multi-BSS handling of the mac80211 stack (bsc#1204291).\n- CVE-2022-42721: Fixed list management bug in BSS handling of the mac80211 stack (bsc#1204290).\n- CVE-2022-39189: Fixed mishandled TLB flush operation in certain KVM_VCPU_PREEMPTED situations (bsc#1203067).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2022-3601,SUSE-SLE-Module-Live-Patching-15-SP4-2022-3601",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3601-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2022:3601-1",
        "url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223601-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2022:3601-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012547.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203067",
        "url": "https://bugzilla.suse.com/1203067"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1203994",
        "url": "https://bugzilla.suse.com/1203994"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204290",
        "url": "https://bugzilla.suse.com/1204290"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204291",
        "url": "https://bugzilla.suse.com/1204291"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1204292",
        "url": "https://bugzilla.suse.com/1204292"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-39189 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-39189/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-41674 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-41674/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42719 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42720 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-42721 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-42721/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)",
    "tracking": {
      "current_release_date": "2022-10-17T11:51:40Z",
      "generator": {
        "date": "2022-10-17T11:51:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2022:3601-1",
      "initial_release_date": "2022-10-17T11:51:40Z",
      "revision_history": [
        {
          "date": "2022-10-17T11:51:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-39189",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-39189"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-39189",
          "url": "https://www.suse.com/security/cve/CVE-2022-39189"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203066 for CVE-2022-39189",
          "url": "https://bugzilla.suse.com/1203066"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203067 for CVE-2022-39189",
          "url": "https://bugzilla.suse.com/1203067"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-39189",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-17T11:51:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-39189"
    },
    {
      "cve": "CVE-2022-41674",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-41674"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-41674",
          "url": "https://www.suse.com/security/cve/CVE-2022-41674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203770 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203994 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1203994"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-41674",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-17T11:51:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-41674"
    },
    {
      "cve": "CVE-2022-42719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42719",
          "url": "https://www.suse.com/security/cve/CVE-2022-42719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204051 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204051"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204292 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1204292"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42719",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-17T11:51:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42719"
    },
    {
      "cve": "CVE-2022-42720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42720",
          "url": "https://www.suse.com/security/cve/CVE-2022-42720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204059 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204059"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204291 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1204291"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42720",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-17T11:51:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42720"
    },
    {
      "cve": "CVE-2022-42721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-42721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-42721",
          "url": "https://www.suse.com/security/cve/CVE-2022-42721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204060 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204060"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1204290 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1204290"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209225 for CVE-2022-42721",
          "url": "https://bugzilla.suse.com/1209225"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_21-default-3-150400.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2022-10-17T11:51:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-42721"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-42719 (GCVE-0-2022-42719)

Solution

Tags

Sightings

Nomenclature