VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2011-1180CriJun 8, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivit

  • CVE-2013-2850Jun 7, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possi

  • CVE-2011-4604Jun 7, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The bat_socket_read function in net/batman-adv/icmp_socket.c in the Linux kernel before 3.3 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted batman-adv ICMP packet.

  • CVE-2013-0913Mar 18, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of servic

  • CVE-2013-0160Feb 18, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

  • CVE-2013-0231Feb 13, 2013
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some o

  • CVE-2012-3520Oct 3, 2012
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager.

  • CVE-2012-3412Oct 3, 2012
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value.

  • CVE-2012-0056Jan 27, 2012
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc//mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper.

  • CVE-2011-2203Jan 27, 2012
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.

  • CVE-2011-1581May 26, 2011
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote a

  • CVE-2011-1577May 3, 2011
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-t

  • CVE-2011-0711Mar 1, 2011
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call.

  • CVE-2011-1020Feb 28, 2011
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of servi

  • CVE-2011-0712Feb 18, 2011
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_us

  • CVE-2010-3298Sep 30, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

  • CVE-2010-3297Sep 30, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETMASTRCFG ioctl call.

  • CVE-2010-3296Sep 30, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a CHELSIO_GET_QSET_

  • CVE-2010-3310Sep 29, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    Multiple integer signedness errors in net/rose/af_rose.c in the Linux kernel before 2.6.36-rc5-next-20100923 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a rose_getname function call, related to the rose_bin

  • CVE-2010-3081HigSep 24, 2010
    affected < 4.8.13-1.1fixed 4.8.13-1.1

    The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging

Page 71 of 72