VYPR

rpm package

opensuse/kernel-vanilla&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/kernel-vanilla&distro=openSUSE%20Leap%2015.3

Vulnerabilities (216)

  • CVE-2020-24588LowMay 11, 2021
    affected < 4.12.14-197.99.1fixed 4.12.14-197.99.1

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is manda

  • CVE-2021-31916May 6, 2021
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memo

  • CVE-2020-4788Nov 20, 2020
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

  • CVE-2020-26541Oct 2, 2020
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

  • CVE-2020-0429Sep 17, 2020
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    In l2tp_session_delete and related functions of l2tp_core.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers

  • CVE-2020-3702Sep 8, 2020
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd

  • CVE-2019-20811Jun 3, 2020
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

  • CVE-2020-12770May 9, 2020
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

  • CVE-2019-15126Feb 5, 2020
    affected < 4.12.14-197.105.1fixed 4.12.14-197.105.1

    An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure ov

  • CVE-2019-19377Nov 29, 2019
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

  • CVE-2019-3900Apr 25, 2019
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could

  • CVE-2019-3874Mar 25, 2019
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

  • CVE-2018-9517Dec 7, 2018
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3

  • CVE-2018-13405Jul 6, 2018
    affected < 4.12.14-197.102.2fixed 4.12.14-197.102.2

    The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no

  • CVE-2018-7755Mar 8, 2018
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

  • CVE-2017-13695MedAug 25, 2017
    affected < 4.12.14-150100.197.114.2fixed 4.12.14-150100.197.114.2

    The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis

Page 11 of 11