rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (1,481)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-29661 | — | < 4.12.14-16.41.1 | 4.12.14-16.41.1 | Dec 9, 2020 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | ||
| CVE-2020-14351 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Dec 3, 2020 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidenti | ||
| CVE-2020-14381 | — | < 4.12.14-16.31.1 | 4.12.14-16.31.1 | Dec 3, 2020 | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiali | ||
| CVE-2020-25704 | — | < 4.12.14-16.38.1 | 4.12.14-16.38.1 | Dec 2, 2020 | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. | ||
| CVE-2020-25656 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Dec 2, 2020 | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential | ||
| CVE-2019-20934 | — | < 4.12.14-16.41.1 | 4.12.14-16.41.1 | Nov 28, 2020 | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | ||
| CVE-2020-29368 | — | < 4.12.14-16.50.1 | 4.12.14-16.50.1 | Nov 28, 2020 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | ||
| CVE-2020-29371 | — | < 4.12.14-16.41.1 | 4.12.14-16.41.1 | Nov 28, 2020 | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | ||
| CVE-2020-29374 | — | < 4.12.14-16.50.1 | 4.12.14-16.50.1 | Nov 28, 2020 | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended writ | ||
| CVE-2020-15437 | — | < 4.12.14-16.38.1 | 4.12.14-16.38.1 | Nov 23, 2020 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. | ||
| CVE-2020-15436 | — | < 4.12.14-16.41.1 | 4.12.14-16.41.1 | Nov 23, 2020 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | ||
| CVE-2020-12352 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Nov 23, 2020 | Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||
| CVE-2020-12351 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Nov 23, 2020 | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||
| CVE-2020-28974 | — | < 4.12.14-16.38.1 | 4.12.14-16.38.1 | Nov 20, 2020 | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such | ||
| CVE-2020-4788 | — | < 4.12.14-16.41.1 | 4.12.14-16.41.1 | Nov 20, 2020 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | ||
| CVE-2020-28915 | — | < 4.12.14-16.38.1 | 4.12.14-16.38.1 | Nov 18, 2020 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | ||
| CVE-2020-25705 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Nov 17, 2020 | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well | ||
| CVE-2020-8694 | — | < 4.12.14-16.38.1 | 4.12.14-16.38.1 | Nov 12, 2020 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||
| CVE-2020-27673 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Oct 22, 2020 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. | ||
| CVE-2020-27675 | — | < 4.12.14-16.34.1 | 4.12.14-16.34.1 | Oct 22, 2020 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrate |
- CVE-2020-29661Dec 9, 2020affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
- CVE-2020-14351Dec 3, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidenti
- CVE-2020-14381Dec 3, 2020affected < 4.12.14-16.31.1fixed 4.12.14-16.31.1
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiali
- CVE-2020-25704Dec 2, 2020affected < 4.12.14-16.38.1fixed 4.12.14-16.38.1
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
- CVE-2020-25656Dec 2, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential
- CVE-2019-20934Nov 28, 2020affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
- CVE-2020-29368Nov 28, 2020affected < 4.12.14-16.50.1fixed 4.12.14-16.50.1
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
- CVE-2020-29371Nov 28, 2020affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
- CVE-2020-29374Nov 28, 2020affected < 4.12.14-16.50.1fixed 4.12.14-16.50.1
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended writ
- CVE-2020-15437Nov 23, 2020affected < 4.12.14-16.38.1fixed 4.12.14-16.38.1
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.
- CVE-2020-15436Nov 23, 2020affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
- CVE-2020-12352Nov 23, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
- CVE-2020-12351Nov 23, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2020-28974Nov 20, 2020affected < 4.12.14-16.38.1fixed 4.12.14-16.38.1
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such
- CVE-2020-4788Nov 20, 2020affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- CVE-2020-28915Nov 18, 2020affected < 4.12.14-16.38.1fixed 4.12.14-16.38.1
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
- CVE-2020-25705Nov 17, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well
- CVE-2020-8694Nov 12, 2020affected < 4.12.14-16.38.1fixed 4.12.14-16.38.1
Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2020-27673Oct 22, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
- CVE-2020-27675Oct 22, 2020affected < 4.12.14-16.34.1fixed 4.12.14-16.34.1
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrate
Page 65 of 75