VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2019-3882Apr 24, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a syste

  • CVE-2019-3887Apr 9, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw t

  • CVE-2019-7222Mar 17, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

  • CVE-2019-7221Mar 17, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

  • CVE-2019-8912Feb 18, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

  • CVE-2019-6974Feb 15, 2019
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

  • CVE-2018-19824Dec 3, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.

  • CVE-2018-18710Oct 27, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV

  • CVE-2018-13053LowJul 2, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.

  • CVE-2018-12714CriJun 24, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers

  • CVE-2018-12232MedJun 12, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference c

  • CVE-2018-1118LowMay 10, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading f

  • CVE-2018-10323MedApr 24, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.

  • CVE-2018-10322MedApr 24, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.

  • CVE-2018-8822HigMar 20, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the

  • CVE-2018-1068MedMar 16, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

  • CVE-2018-8087MedMar 13, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.

  • CVE-2018-8043MedMar 10, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

  • CVE-2018-1000004MedJan 16, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

  • CVE-2018-5333MedJan 11, 2018
    affected < 5.14.6-1.4fixed 5.14.6-1.4

    In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

Page 66 of 72