rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP3-LTSS
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
Vulnerabilities (358)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19532 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga | ||
| CVE-2019-19533 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | ||
| CVE-2019-19534 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | ||
| CVE-2019-19535 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | ||
| CVE-2019-19536 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | ||
| CVE-2019-19537 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. | ||
| CVE-2019-19377 | — | < 4.4.180-94.164.3 | 4.4.180-94.164.3 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | ||
| CVE-2019-14897 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together | ||
| CVE-2019-14895 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could | ||
| CVE-2019-19319 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 27, 2019 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30 | ||
| CVE-2019-18660 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 27, 2019 | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | ||
| CVE-2019-10220 | — | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | ||
| CVE-2019-14896 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 27, 2019 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a | ||
| CVE-2019-10207 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Nov 25, 2019 | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an | ||
| CVE-2019-18675 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 25, 2019 | The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel p | ||
| CVE-2019-14815 | — | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Nov 25, 2019 | A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. | ||
| CVE-2019-19074 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 18, 2019 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. | ||
| CVE-2019-19073 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 18, 2019 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c | ||
| CVE-2019-19066 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 18, 2019 | A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. | ||
| CVE-2019-19065 | — | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 18, 2019 | A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a |
- CVE-2019-19532Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga
- CVE-2019-19533Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
- CVE-2019-19534Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
- CVE-2019-19535Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
- CVE-2019-19536Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
- CVE-2019-19537Dec 3, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
- CVE-2019-19377Nov 29, 2019affected < 4.4.180-94.164.3fixed 4.4.180-94.164.3
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- CVE-2019-14897Nov 29, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
- CVE-2019-14895Nov 29, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
- CVE-2019-19319Nov 27, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
- CVE-2019-18660Nov 27, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- CVE-2019-10220Nov 27, 2019affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- CVE-2019-14896Nov 27, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
- CVE-2019-10207Nov 25, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an
- CVE-2019-18675Nov 25, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel p
- CVE-2019-14815Nov 25, 2019affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
- CVE-2019-19074Nov 18, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
- CVE-2019-19073Nov 18, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c
- CVE-2019-19066Nov 18, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.
- CVE-2019-19065Nov 18, 2019affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e. NOTE: This has been disputed as not a
Page 13 of 18