rpm package
opensuse/kernel-rt&distro=openSUSE Leap Micro 5.2
pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.2
Vulnerabilities (127)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-36516 | — | < 5.3.18-150300.99.1 | 5.3.18-150300.99.1 | Feb 26, 2022 | An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. | ||
| CVE-2021-33061 | — | < 5.3.18-150300.93.1 | 5.3.18-150300.93.1 | Feb 9, 2022 | Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2020-16119 | — | < 5.3.18-150300.106.1 | 5.3.18-150300.106.1 | Jan 14, 2021 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0 | ||
| CVE-2020-26541 | — | < 5.3.18-150300.93.1 | 5.3.18-150300.93.1 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | ||
| CVE-2019-19377 | — | < 5.3.18-150300.93.1 | 5.3.18-150300.93.1 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | ||
| CVE-2019-19083 | — | < 5.3.18-150300.115.1 | 5.3.18-150300.115.1 | Nov 18, 2019 | Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11 | ||
| CVE-2016-3695 | Med | 5.5 | < 5.3.18-150300.106.1 | 5.3.18-150300.106.1 | Dec 29, 2017 | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. |
- CVE-2020-36516Feb 26, 2022affected < 5.3.18-150300.99.1fixed 5.3.18-150300.99.1
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.
- CVE-2021-33061Feb 9, 2022affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-16119Jan 14, 2021affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0
- CVE-2020-26541Oct 2, 2020affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
- CVE-2019-19377Nov 29, 2019affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- CVE-2019-19083Nov 18, 2019affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11
- affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Page 7 of 7