rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (174)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-10124 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Apr 16, 2018 | The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | ||
| CVE-2018-10087 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Apr 13, 2018 | The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||
| CVE-2017-18257 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Apr 4, 2018 | The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | ||
| CVE-2018-1091 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 27, 2018 | In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact | ||
| CVE-2017-18249 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Mar 26, 2018 | The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | ||
| CVE-2017-18241 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Mar 21, 2018 | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | ||
| CVE-2018-8822 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 20, 2018 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the | ||
| CVE-2018-1068 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Mar 16, 2018 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. | ||
| CVE-2018-8087 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Mar 13, 2018 | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | ||
| CVE-2018-8043 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 10, 2018 | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | ||
| CVE-2018-7757 | — | < 4.4.156-94.57.1 | 4.4.156-94.57.1 | Mar 8, 2018 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by | ||
| CVE-2018-7740 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 7, 2018 | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | ||
| CVE-2018-1065 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Mar 2, 2018 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capab | ||
| CVE-2017-18208 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Mar 1, 2018 | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. | ||
| CVE-2018-7492 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Feb 26, 2018 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | ||
| CVE-2018-7480 | — | < 4.4.156-94.57.1 | 4.4.156-94.57.1 | Feb 25, 2018 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | ||
| CVE-2017-18174 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Feb 11, 2018 | In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. | ||
| CVE-2018-1000026 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Feb 9, 2018 | Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An atta | ||
| CVE-2017-16913 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Jan 31, 2018 | The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack | ||
| CVE-2017-16912 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Jan 31, 2018 | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. |
- CVE-2018-10124Apr 16, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
- CVE-2018-10087Apr 13, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
- CVE-2017-18257Apr 4, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
- CVE-2018-1091Mar 27, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact
- CVE-2017-18249Mar 26, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
- CVE-2017-18241Mar 21, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
- CVE-2018-8822Mar 20, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the
- CVE-2018-1068Mar 16, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
- CVE-2018-8087Mar 13, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
- CVE-2018-8043Mar 10, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
- CVE-2018-7757Mar 8, 2018affected < 4.4.156-94.57.1fixed 4.4.156-94.57.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
- CVE-2018-7740Mar 7, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
- CVE-2018-1065Mar 2, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capab
- CVE-2017-18208Mar 1, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
- CVE-2018-7492Feb 26, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
- CVE-2018-7480Feb 25, 2018affected < 4.4.156-94.57.1fixed 4.4.156-94.57.1
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
- CVE-2017-18174Feb 11, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
- CVE-2018-1000026Feb 9, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An atta
- CVE-2017-16913Jan 31, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack
- CVE-2017-16912Jan 31, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
Page 6 of 9