rpm package
opensuse/kernel-debug&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.3
Vulnerabilities (340)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-16119 | — | < 5.3.18-150300.59.98.1 | 5.3.18-150300.59.98.1 | Jan 14, 2021 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0 | ||
| CVE-2020-27835 | — | < 5.3.18-150300.59.68.1 | 5.3.18-150300.59.68.1 | Jan 7, 2021 | A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. | ||
| CVE-2020-4788 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Nov 20, 2020 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | ||
| CVE-2020-27673 | — | < 5.3.18-59.5.2 | 5.3.18-59.5.2 | Oct 22, 2020 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. | ||
| CVE-2020-26541 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | ||
| CVE-2020-0429 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Sep 17, 2020 | In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers | ||
| CVE-2020-3702 | — | < 5.3.18-59.27.1 | 5.3.18-59.27.1 | Sep 8, 2020 | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd | ||
| CVE-2019-20811 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Jun 3, 2020 | An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c. | ||
| CVE-2020-12770 | — | < 5.3.18-59.24.1 | 5.3.18-59.24.1 | May 9, 2020 | An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | ||
| CVE-2019-15126 | — | < 4.12.14-197.105.1 | 4.12.14-197.105.1 | Feb 5, 2020 | An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure ov | ||
| CVE-2019-19769 | — | < 5.3.18-59.5.2 | 5.3.18-59.5.2 | Dec 12, 2019 | In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h). | ||
| CVE-2019-19377 | — | < 5.3.18-150300.59.71.2 | 5.3.18-150300.59.71.2 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | ||
| CVE-2019-18814 | — | < 5.3.18-59.5.2 | 5.3.18-59.5.2 | Nov 7, 2019 | An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c. | ||
| CVE-2019-3900 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Apr 25, 2019 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could | ||
| CVE-2019-3874 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Mar 25, 2019 | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | ||
| CVE-2018-9517 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Dec 7, 2018 | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3 | ||
| CVE-2018-13405 | — | < 4.12.14-197.102.2 | 4.12.14-197.102.2 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no | ||
| CVE-2018-7755 | — | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Mar 8, 2018 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel | ||
| CVE-2016-3695 | Med | 5.5 | < 5.3.18-150300.59.93.1 | 5.3.18-150300.59.93.1 | Dec 29, 2017 | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. | |
| CVE-2017-13695 | Med | 5.5 | < 4.12.14-150100.197.114.2 | 4.12.14-150100.197.114.2 | Aug 25, 2017 | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis |
- CVE-2020-16119Jan 14, 2021affected < 5.3.18-150300.59.98.1fixed 5.3.18-150300.59.98.1
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0
- CVE-2020-27835Jan 7, 2021affected < 5.3.18-150300.59.68.1fixed 5.3.18-150300.59.68.1
A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.
- CVE-2020-4788Nov 20, 2020affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- CVE-2020-27673Oct 22, 2020affected < 5.3.18-59.5.2fixed 5.3.18-59.5.2
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
- CVE-2020-26541Oct 2, 2020affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
- CVE-2020-0429Sep 17, 2020affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers
- CVE-2020-3702Sep 8, 2020affected < 5.3.18-59.27.1fixed 5.3.18-59.27.1
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd
- CVE-2019-20811Jun 3, 2020affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
- CVE-2020-12770May 9, 2020affected < 5.3.18-59.24.1fixed 5.3.18-59.24.1
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.
- CVE-2019-15126Feb 5, 2020affected < 4.12.14-197.105.1fixed 4.12.14-197.105.1
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure ov
- CVE-2019-19769Dec 12, 2019affected < 5.3.18-59.5.2fixed 5.3.18-59.5.2
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
- CVE-2019-19377Nov 29, 2019affected < 5.3.18-150300.59.71.2fixed 5.3.18-150300.59.71.2
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- CVE-2019-18814Nov 7, 2019affected < 5.3.18-59.5.2fixed 5.3.18-59.5.2
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
- CVE-2019-3900Apr 25, 2019affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could
- CVE-2019-3874Mar 25, 2019affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
- CVE-2018-9517Dec 7, 2018affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3
- CVE-2018-13405Jul 6, 2018affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no
- CVE-2018-7755Mar 8, 2018affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel
- affected < 5.3.18-150300.59.93.1fixed 5.3.18-150300.59.93.1
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
- affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis
Page 17 of 17