rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
Vulnerabilities (487)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3900 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | Apr 25, 2019 | An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could | ||
| CVE-2019-3874 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | Mar 25, 2019 | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | ||
| CVE-2019-3701 | — | < 4.12.14-95.51.1 | 4.12.14-95.51.1 | Jan 3, 2019 | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod | ||
| CVE-2018-9517 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | Dec 7, 2018 | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3 | ||
| CVE-2018-13405 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no | ||
| CVE-2018-1000199 | — | < 4.12.14-95.54.1 | 4.12.14-95.54.1 | May 24, 2018 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears | ||
| CVE-2017-5753 | — | < 4.12.14-95.125.1 | 4.12.14-95.125.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
- CVE-2019-3900Apr 25, 2019affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could
- CVE-2019-3874Mar 25, 2019affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
- CVE-2019-3701Jan 3, 2019affected < 4.12.14-95.51.1fixed 4.12.14-95.51.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod
- CVE-2018-9517Dec 7, 2018affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3
- CVE-2018-13405Jul 6, 2018affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no
- CVE-2018-1000199May 24, 2018affected < 4.12.14-95.54.1fixed 4.12.14-95.54.1
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
- CVE-2017-5753Jan 4, 2018affected < 4.12.14-95.125.1fixed 4.12.14-95.125.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Page 25 of 25