rpm package

opensuse/kernel-kvmsmall&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.2

Vulnerabilities (187)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-12771	—	< 5.3.18-lp152.33.1	5.3.18-lp152.33.1	May 9, 2020	An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12656	—	< 5.3.18-lp152.26.2	5.3.18-lp152.26.2	May 5, 2020	gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not al
CVE-2020-11668	—	< 5.3.18-lp152.60.1	5.3.18-lp152.60.1	Apr 9, 2020	In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVE-2019-19769	—	< 5.3.18-lp152.69.1	5.3.18-lp152.69.1	Dec 12, 2019	In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
CVE-2019-19462	—	< 5.3.18-lp152.26.2	5.3.18-lp152.26.2	Nov 30, 2019	relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-18814	—	< 5.3.18-lp152.69.1	5.3.18-lp152.69.1	Nov 7, 2019	An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
CVE-2018-13405	—	< 5.3.18-lp152.102.1	5.3.18-lp152.102.1	Jul 6, 2018	The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no

CVE-2020-12771May 9, 2020
affected < 5.3.18-lp152.33.1fixed 5.3.18-lp152.33.1
An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails.
CVE-2020-12656May 5, 2020
affected < 5.3.18-lp152.26.2fixed 5.3.18-lp152.26.2
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not al
CVE-2020-11668Apr 9, 2020
affected < 5.3.18-lp152.60.1fixed 5.3.18-lp152.60.1
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
CVE-2019-19769Dec 12, 2019
affected < 5.3.18-lp152.69.1fixed 5.3.18-lp152.69.1
In the Linux kernel 5.3.10, there is a use-after-free (read) in the perf_trace_lock_acquire function (related to include/trace/events/lock.h).
CVE-2019-19462Nov 30, 2019
affected < 5.3.18-lp152.26.2fixed 5.3.18-lp152.26.2
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-18814Nov 7, 2019
affected < 5.3.18-lp152.69.1fixed 5.3.18-lp152.69.1
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.
CVE-2018-13405Jul 6, 2018
affected < 5.3.18-lp152.102.1fixed 5.3.18-lp152.102.1
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no

Page 10 of 10