rpm package
opensuse/crash&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/crash&distro=openSUSE%20Leap%2015.2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10781 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Sep 16, 2020 | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco | ||
| CVE-2020-14331 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Sep 15, 2020 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons | ||
| CVE-2020-14356 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Aug 19, 2020 | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | ||
| CVE-2020-16166 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Jul 30, 2020 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | ||
| CVE-2020-0305 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Jul 17, 2020 | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-15346 | ||
| CVE-2020-15780 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | Jul 15, 2020 | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. | ||
| CVE-2020-10135 | — | < 7.2.8-lp152.3.2.1 | 7.2.8-lp152.3.2.1 | May 19, 2020 | Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona |
- CVE-2020-10781Sep 16, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco
- CVE-2020-14331Sep 15, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons
- CVE-2020-14356Aug 19, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
- CVE-2020-16166Jul 30, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
- CVE-2020-0305Jul 17, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-15346
- CVE-2020-15780Jul 15, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
- CVE-2020-10135May 19, 2020affected < 7.2.8-lp152.3.2.1fixed 7.2.8-lp152.3.2.1
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona