rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
Vulnerabilities (611)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9500 | — | < 4.12.14-150.17.1 | 4.12.14-150.17.1 | Jan 16, 2020 | The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brc | ||
| CVE-2020-7053 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Jan 14, 2020 | In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ | ||
| CVE-2019-19332 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Jan 9, 2020 | An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t | ||
| CVE-2019-20095 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 30, 2019 | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | ||
| CVE-2019-20096 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 30, 2019 | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | ||
| CVE-2019-20054 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 28, 2019 | In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | ||
| CVE-2019-19965 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 25, 2019 | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | ||
| CVE-2019-19966 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 25, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | ||
| CVE-2019-19767 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 12, 2019 | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | ||
| CVE-2019-19770 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 12, 2019 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux | ||
| CVE-2019-19768 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 12, 2019 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | ||
| CVE-2019-19447 | — | < 4.12.14-150.52.1 | 4.12.14-150.52.1 | Dec 8, 2019 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | ||
| CVE-2019-19543 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | ||
| CVE-2019-19523 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | ||
| CVE-2019-19524 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | ||
| CVE-2019-19525 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | ||
| CVE-2019-19526 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. | ||
| CVE-2019-19527 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | ||
| CVE-2019-19528 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | ||
| CVE-2019-19529 | — | < 4.12.14-150.47.1 | 4.12.14-150.47.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. |
- CVE-2019-9500Jan 16, 2020affected < 4.12.14-150.17.1fixed 4.12.14-150.17.1
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brc
- CVE-2020-7053Jan 14, 2020affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_
- CVE-2019-19332Jan 9, 2020affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t
- CVE-2019-20095Dec 30, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
- CVE-2019-20096Dec 30, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
- CVE-2019-20054Dec 28, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
- CVE-2019-19965Dec 25, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
- CVE-2019-19966Dec 25, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
- CVE-2019-19767Dec 12, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
- CVE-2019-19770Dec 12, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
- CVE-2019-19768Dec 12, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
- CVE-2019-19447Dec 8, 2019affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
- CVE-2019-19543Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
- CVE-2019-19523Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
- CVE-2019-19524Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
- CVE-2019-19525Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
- CVE-2019-19526Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
- CVE-2019-19527Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
- CVE-2019-19528Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.
- CVE-2019-19529Dec 3, 2019affected < 4.12.14-150.47.1fixed 4.12.14-150.47.1
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
Page 19 of 31