rpm package
opensuse/kernel-kvmsmall&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.2
Vulnerabilities (187)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26147 | Med | 5.4 | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends | |
| CVE-2020-26145 | Med | 6.5 | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitra | |
| CVE-2020-26141 | Med | 6.5 | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 network | |
| CVE-2020-26139 | Med | 5.3 | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against c | |
| CVE-2020-24588 | Low | 3.5 | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda | |
| CVE-2020-24587 | — | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f | ||
| CVE-2020-24586 | — | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented | ||
| CVE-2021-32399 | — | < 5.3.18-lp152.78.1 | 5.3.18-lp152.78.1 | May 10, 2021 | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | ||
| CVE-2021-31916 | — | < 5.3.18-lp152.106.1 | 5.3.18-lp152.106.1 | May 6, 2021 | An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo | ||
| CVE-2020-35519 | — | < 5.3.18-lp152.69.1 | 5.3.18-lp152.69.1 | May 6, 2021 | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak | ||
| CVE-2021-29155 | — | < 5.3.18-lp152.75.1 | 5.3.18-lp152.75.1 | Apr 20, 2021 | An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specificall | ||
| CVE-2020-36322 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 14, 2021 | An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and i | ||
| CVE-2021-29154 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 8, 2021 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | ||
| CVE-2020-36310 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 6, 2021 | An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. | ||
| CVE-2020-36311 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 6, 2021 | An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. | ||
| CVE-2020-36312 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 6, 2021 | An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | ||
| CVE-2021-28688 | — | < 5.3.18-lp152.69.1 | 5.3.18-lp152.69.1 | Apr 6, 2021 | The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup wo | ||
| CVE-2021-30002 | — | < 5.3.18-lp152.72.1 | 5.3.18-lp152.72.1 | Apr 2, 2021 | An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. | ||
| CVE-2021-29647 | — | < 5.3.18-lp152.69.1 | 5.3.18-lp152.69.1 | Mar 30, 2021 | An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. | ||
| CVE-2021-29650 | — | < 5.3.18-lp152.75.1 | 5.3.18-lp152.75.1 | Mar 30, 2021 | An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, a |
- affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends
- affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitra
- affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 network
- affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against c
- affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda
- CVE-2020-24587May 11, 2021affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f
- CVE-2020-24586May 11, 2021affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented
- CVE-2021-32399May 10, 2021affected < 5.3.18-lp152.78.1fixed 5.3.18-lp152.78.1
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
- CVE-2021-31916May 6, 2021affected < 5.3.18-lp152.106.1fixed 5.3.18-lp152.106.1
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo
- CVE-2020-35519May 6, 2021affected < 5.3.18-lp152.69.1fixed 5.3.18-lp152.69.1
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak
- CVE-2021-29155Apr 20, 2021affected < 5.3.18-lp152.75.1fixed 5.3.18-lp152.75.1
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specificall
- CVE-2020-36322Apr 14, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and i
- CVE-2021-29154Apr 8, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.
- CVE-2020-36310Apr 6, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
- CVE-2020-36311Apr 6, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.
- CVE-2020-36312Apr 6, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
- CVE-2021-28688Apr 6, 2021affected < 5.3.18-lp152.69.1fixed 5.3.18-lp152.69.1
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup wo
- CVE-2021-30002Apr 2, 2021affected < 5.3.18-lp152.72.1fixed 5.3.18-lp152.72.1
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
- CVE-2021-29647Mar 30, 2021affected < 5.3.18-lp152.69.1fixed 5.3.18-lp152.69.1
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
- CVE-2021-29650Mar 30, 2021affected < 5.3.18-lp152.75.1fixed 5.3.18-lp152.75.1
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, a
Page 4 of 10