VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2020-25656Dec 2, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential

  • CVE-2020-12352Nov 23, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

  • CVE-2020-12351Nov 23, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-8694Nov 12, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2019-8564Oct 27, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.

  • CVE-2020-14386Sep 16, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

  • CVE-2020-10768Sep 15, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks

  • CVE-2020-10767Sep 15, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. T

  • CVE-2020-10766Sep 15, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This iss

  • CVE-2020-14331Sep 15, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons

  • CVE-2019-19338Jul 13, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw

  • CVE-2020-10135May 19, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona

  • CVE-2020-2732Apr 8, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 g

  • CVE-2020-8648Feb 6, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

  • CVE-2019-3016Jan 31, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly

  • CVE-2019-14615Jan 17, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.

  • CVE-2019-9500Jan 16, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brc

  • CVE-2019-19332Jan 9, 2020
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t

  • CVE-2019-14896Nov 27, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a

  • CVE-2019-19252Nov 25, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.

Page 64 of 72