rpm package
opensuse/dtb-aarch64&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.3
Vulnerabilities (253)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28097 | — | | | < 5.3.18-150300.59.49.1 | 5.3.18-150300.59.49.1 | Jun 24, 2021 | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. |
| CVE-2021-20292 | — | | | < 5.3.18-150300.59.68.1 | 5.3.18-150300.59.68.1 | May 28, 2021 | There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the obje |
| CVE-2021-22543 | — | | | < 5.3.18-59.19.1 | 5.3.18-59.19.1 | May 26, 2021 | An issue was discovered in Linux: KVM through Improper handling of VM_IO\|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pag |
| CVE-2021-33033 | — | | | < 5.3.18-59.34.1 | 5.3.18-59.34.1 | May 14, 2021 | The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. |
| CVE-2021-31916 | — | | | < 5.3.18-59.37.1 | 5.3.18-59.37.1 | May 6, 2021 | An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo |
| CVE-2020-24504 | — | | | < 5.3.18-59.40.1 | 5.3.18-59.40.1 | Feb 17, 2021 | Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2020-16119 | — | | | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Jan 14, 2021 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0 |
| CVE-2020-27835 | — | | | < 5.3.18-150300.59.68.1 | 5.3.18-150300.59.68.1 | Jan 7, 2021 | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. |
| CVE-2020-26541 | — | | | < 5.3.18-150300.59.76.1 | 5.3.18-150300.59.76.1 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. |
| CVE-2020-3702 | — | | | < 5.3.18-59.27.1 | 5.3.18-59.27.1 | Sep 8, 2020 | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd |
| CVE-2020-12770 | — | | | < 5.3.18-59.24.1 | 5.3.18-59.24.1 | May 9, 2020 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. |
| CVE-2019-19377 | — | | | < 5.3.18-150300.59.71.1 | 5.3.18-150300.59.71.1 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. |
| CVE-2016-3695 | Med | 5.5 | | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Dec 29, 2017 | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. |