rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP3-BCL

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL

Vulnerabilities (414)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-19074	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 18, 2019	A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19073	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 18, 2019	Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c
CVE-2019-19066	—	< 4.4.180-94.116.1	4.4.180-94.116.1	Nov 18, 2019	A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.
CVE-2019-19065	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 18, 2019	A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a
CVE-2019-19063	—	< 4.4.180-94.135.1	4.4.180-94.135.1	Nov 18, 2019	Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
CVE-2019-19062	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 18, 2019	A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
CVE-2019-19052	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 18, 2019	A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
CVE-2018-12207	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Nov 14, 2019	Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
CVE-2019-0155	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Nov 14, 2019	Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) A
CVE-2019-0154	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Nov 14, 2019	Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Ato
CVE-2019-11135	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Nov 14, 2019	TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-18805	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 7, 2019	An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of servi
CVE-2019-18683	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 4, 2019	An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race condit
CVE-2019-18680	—	< 4.4.180-94.113.1	4.4.180-94.113.1	Nov 4, 2019	An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
CVE-2019-17666	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Oct 17, 2019	rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17133	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Oct 4, 2019	In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
CVE-2019-17055	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Oct 1, 2019	base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
CVE-2019-17056	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Oct 1, 2019	llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
CVE-2019-16995	—	< 4.4.180-94.107.1	4.4.180-94.107.1	Sep 30, 2019	In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
CVE-2019-16746	—	< 4.4.180-94.130.1	4.4.180-94.130.1	Sep 24, 2019	An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

CVE-2019-19074Nov 18, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19073Nov 18, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c
CVE-2019-19066Nov 18, 2019
affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.
CVE-2019-19065Nov 18, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a
CVE-2019-19063Nov 18, 2019
affected < 4.4.180-94.135.1fixed 4.4.180-94.135.1
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
CVE-2019-19062Nov 18, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
CVE-2019-19052Nov 18, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.
CVE-2018-12207Nov 14, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
CVE-2019-0155Nov 14, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) A
CVE-2019-0154Nov 14, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Ato
CVE-2019-11135Nov 14, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
CVE-2019-18805Nov 7, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of servi
CVE-2019-18683Nov 4, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race condit
CVE-2019-18680Nov 4, 2019
affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
CVE-2019-17666Oct 17, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17133Oct 4, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
CVE-2019-17055Oct 1, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
CVE-2019-17056Oct 1, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.
CVE-2019-16995Sep 30, 2019
affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
CVE-2019-16746Sep 24, 2019
affected < 4.4.180-94.130.1fixed 4.4.180-94.130.1
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

Page 17 of 21