rpm package
suse/drbd-kmp&distro=SUSE Linux Enterprise High Availability Extension 11 SP4
pkg:rpm/suse/drbd-kmp&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2011%20SP4
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7482 | — | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jul 30, 2018 | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory | ||
| CVE-2017-18079 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 29, 2018 | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | ||
| CVE-2015-1142857 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 23, 2018 | On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4 | ||
| CVE-2018-1000004 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 16, 2018 | In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | ||
| CVE-2017-13215 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 12, 2018 | A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | ||
| CVE-2018-5333 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 11, 2018 | In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | ||
| CVE-2018-5332 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 11, 2018 | In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | ||
| CVE-2017-5715 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-18017 | — | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Jan 3, 2018 | The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presenc | ||
| CVE-2017-17741 | Med | 6.5 | < 8.4.4-0.27.4.6 | 8.4.4-0.27.4.6 | Dec 18, 2017 | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | |
| CVE-2017-7533 | Hig | 7.0 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Aug 5, 2017 | Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename funct | |
| CVE-2017-7542 | Med | 5.5 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jul 21, 2017 | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | |
| CVE-2017-11473 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jul 20, 2017 | Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | |
| CVE-2017-1000363 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jul 17, 2017 | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a | |
| CVE-2017-11176 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jul 11, 2017 | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp | |
| CVE-2017-1000365 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jun 19, 2017 | The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects | |
| CVE-2017-1000380 | Med | 5.5 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | Jun 17, 2017 | sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ | |
| CVE-2017-9242 | Med | 5.5 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | May 27, 2017 | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | |
| CVE-2017-9077 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | May 19, 2017 | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. | |
| CVE-2017-9076 | Hig | 7.8 | < 8.4.4-0.27.2.13 | 8.4.4-0.27.2.13 | May 19, 2017 | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. |
- CVE-2017-7482Jul 30, 2018affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory
- CVE-2017-18079Jan 29, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
- CVE-2015-1142857Jan 23, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4
- CVE-2018-1000004Jan 16, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
- CVE-2017-13215Jan 12, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
- CVE-2018-5333Jan 11, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
- CVE-2018-5332Jan 11, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).
- CVE-2017-5715Jan 4, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2017-18017Jan 3, 2018affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presenc
- affected < 8.4.4-0.27.4.6fixed 8.4.4-0.27.4.6
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename funct
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
- affected < 8.4.4-0.27.2.13fixed 8.4.4-0.27.2.13
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
Page 1 of 2