rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (1,481)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-16231	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 11, 2019	drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16232	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 11, 2019	drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16233	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 11, 2019	drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16234	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 11, 2019	drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-9455	—	< 4.12.14-16.16.1	4.12.14-16.16.1	Sep 6, 2019	In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9458	—	< 4.12.14-16.13.1	4.12.14-16.13.1	Sep 6, 2019	In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9456	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 6, 2019	In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-18595	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 4, 2019	An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-15916	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Sep 4, 2019	An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
CVE-2019-15213	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Aug 19, 2019	An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-9506	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Aug 14, 2019	The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje
CVE-2018-20836	—	< 4.12.14-16.13.1	4.12.14-16.13.1	May 7, 2019	An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
CVE-2019-3900	—	< 4.12.14-16.73.2	4.12.14-16.73.2	Apr 25, 2019	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could
CVE-2019-3874	—	< 4.12.14-16.73.2	4.12.14-16.73.2	Mar 25, 2019	The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
CVE-2018-20669	—	< 4.12.14-16.41.1	4.12.14-16.41.1	Mar 18, 2019	An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kern
CVE-2019-3701	—	< 4.12.14-16.13.1	4.12.14-16.13.1	Jan 3, 2019	An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod
CVE-2018-9517	—	< 4.12.14-16.73.2	4.12.14-16.73.2	Dec 7, 2018	In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3
CVE-2018-1000199	—	< 4.12.14-16.16.1	4.12.14-16.16.1	May 24, 2018	The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
CVE-2018-3639	—	< 4.12.14-16.25.1	4.12.14-16.25.1	May 22, 2018	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-7755	—	< 4.12.14-16.97.1	4.12.14-16.97.1	Mar 8, 2018	An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

CVE-2019-16231Sep 11, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16232Sep 11, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16233Sep 11, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-16234Sep 11, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-9455Sep 6, 2019
affected < 4.12.14-16.16.1fixed 4.12.14-16.16.1
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9458Sep 6, 2019
affected < 4.12.14-16.13.1fixed 4.12.14-16.13.1
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9456Sep 6, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2017-18595Sep 4, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.
CVE-2019-15916Sep 4, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
CVE-2019-15213Aug 19, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-9506Aug 14, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje
CVE-2018-20836May 7, 2019
affected < 4.12.14-16.13.1fixed 4.12.14-16.13.1
An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.
CVE-2019-3900Apr 25, 2019
affected < 4.12.14-16.73.2fixed 4.12.14-16.73.2
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could
CVE-2019-3874Mar 25, 2019
affected < 4.12.14-16.73.2fixed 4.12.14-16.73.2
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
CVE-2018-20669Mar 18, 2019
affected < 4.12.14-16.41.1fixed 4.12.14-16.41.1
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kern
CVE-2019-3701Jan 3, 2019
affected < 4.12.14-16.13.1fixed 4.12.14-16.13.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod
CVE-2018-9517Dec 7, 2018
affected < 4.12.14-16.73.2fixed 4.12.14-16.73.2
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3
CVE-2018-1000199May 24, 2018
affected < 4.12.14-16.16.1fixed 4.12.14-16.16.1
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
CVE-2018-3639May 22, 2018
affected < 4.12.14-16.25.1fixed 4.12.14-16.25.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-7755Mar 8, 2018
affected < 4.12.14-16.97.1fixed 4.12.14-16.97.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

Page 74 of 75