VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP2-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Vulnerabilities (307)

  • CVE-2018-1087HigMay 15, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During

  • CVE-2018-1130MedMay 10, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

  • CVE-2018-10940MedMay 9, 2018
    affected < 4.4.121-92.95.1fixed 4.4.121-92.95.1

    The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.

  • CVE-2018-8897HigMay 8, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP

  • CVE-2018-8781HigApr 23, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages,

  • CVE-2018-10124MedApr 16, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.

  • CVE-2018-10087MedApr 13, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.

  • CVE-2017-18257MedApr 4, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.

  • CVE-2017-13305HigApr 4, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.

  • CVE-2018-1094MedApr 2, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 imag

  • CVE-2018-1093MedApr 2, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.

  • CVE-2018-1092MedApr 2, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 imag

  • CVE-2017-18255HigMar 31, 2018
    affected < 4.4.121-92.129.1fixed 4.4.121-92.129.1

    The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calcu

  • CVE-2018-1091MedMar 27, 2018
    affected < 4.4.121-92.109.2fixed 4.4.121-92.109.2

    In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact

  • CVE-2017-18249HigMar 26, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.

  • CVE-2017-18241MedMar 21, 2018
    affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1

    fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

  • CVE-2018-8822HigMar 20, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the

  • CVE-2018-8043MedMar 10, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).

  • CVE-2018-7757MedMar 8, 2018
    affected < 4.4.121-92.95.1fixed 4.4.121-92.95.1

    Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by

  • CVE-2018-7740MedMar 7, 2018
    affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1

    The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

Page 15 of 16