rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP1
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1
Vulnerabilities (669)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14901 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 29, 2019 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th | ||
| CVE-2019-14897 | — | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together | ||
| CVE-2019-14895 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could | ||
| CVE-2019-19318 | — | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 27, 2019 | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | ||
| CVE-2019-19319 | — | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 27, 2019 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30 | ||
| CVE-2019-18660 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 27, 2019 | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | ||
| CVE-2019-10220 | — | < 4.12.14-197.26.1 | 4.12.14-197.26.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | ||
| CVE-2019-14896 | — | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 27, 2019 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a | ||
| CVE-2019-10207 | — | < 4.12.14-197.18.1 | 4.12.14-197.18.1 | Nov 25, 2019 | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an | ||
| CVE-2019-14815 | — | < 4.12.14-197.18.1 | 4.12.14-197.18.1 | Nov 25, 2019 | A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. | ||
| CVE-2019-19227 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 22, 2019 | In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a | ||
| CVE-2019-19036 | — | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 21, 2019 | btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. | ||
| CVE-2019-19083 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11 | ||
| CVE-2019-19082 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/d | ||
| CVE-2019-19081 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a. | ||
| CVE-2019-19080 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a. | ||
| CVE-2019-19078 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. | ||
| CVE-2019-19077 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. | ||
| CVE-2019-19075 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. | ||
| CVE-2019-19074 | — | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 18, 2019 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. |
- CVE-2019-14901Nov 29, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th
- CVE-2019-14897Nov 29, 2019affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
- CVE-2019-14895Nov 29, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
- CVE-2019-19318Nov 27, 2019affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
- CVE-2019-19319Nov 27, 2019affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
- CVE-2019-18660Nov 27, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- CVE-2019-10220Nov 27, 2019affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- CVE-2019-14896Nov 27, 2019affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
- CVE-2019-10207Nov 25, 2019affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an
- CVE-2019-14815Nov 25, 2019affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
- CVE-2019-19227Nov 22, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a
- CVE-2019-19036Nov 21, 2019affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
- CVE-2019-19083Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11
- CVE-2019-19082Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/d
- CVE-2019-19081Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
- CVE-2019-19080Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.
- CVE-2019-19078Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.
- CVE-2019-19077Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.
- CVE-2019-19075Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.
- CVE-2019-19074Nov 18, 2019affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
Page 27 of 34