rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
Vulnerabilities (224)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19536 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | ||
| CVE-2019-19537 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. | ||
| CVE-2019-19462 | — | < 4.12.14-95.54.1 | 4.12.14-95.54.1 | Nov 30, 2019 | relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | ||
| CVE-2019-14897 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together | ||
| CVE-2019-14895 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could | ||
| CVE-2019-19318 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Nov 27, 2019 | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | ||
| CVE-2019-19319 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Nov 27, 2019 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30 | ||
| CVE-2019-18660 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 27, 2019 | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | ||
| CVE-2019-10220 | — | < 4.12.14-95.40.1 | 4.12.14-95.40.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | ||
| CVE-2019-14896 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Nov 27, 2019 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a | ||
| CVE-2019-10207 | — | < 4.12.14-95.32.1 | 4.12.14-95.32.1 | Nov 25, 2019 | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an | ||
| CVE-2019-14815 | — | < 4.12.14-95.32.1 | 4.12.14-95.32.1 | Nov 25, 2019 | A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. | ||
| CVE-2019-19227 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 22, 2019 | In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a | ||
| CVE-2019-19036 | — | < 4.12.14-95.48.1 | 4.12.14-95.48.1 | Nov 21, 2019 | btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero. | ||
| CVE-2019-19077 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14. | ||
| CVE-2019-19075 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e. | ||
| CVE-2019-19074 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4. | ||
| CVE-2019-19073 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c | ||
| CVE-2019-19068 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6. | ||
| CVE-2019-19067 | — | < 4.12.14-95.45.1 | 4.12.14-95.45.1 | Nov 18, 2019 | Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c |
- CVE-2019-19536Dec 3, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
- CVE-2019-19537Dec 3, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
- CVE-2019-19462Nov 30, 2019affected < 4.12.14-95.54.1fixed 4.12.14-95.54.1
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
- CVE-2019-14897Nov 29, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
- CVE-2019-14895Nov 29, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
- CVE-2019-19318Nov 27, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
- CVE-2019-19319Nov 27, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
- CVE-2019-18660Nov 27, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- CVE-2019-10220Nov 27, 2019affected < 4.12.14-95.40.1fixed 4.12.14-95.40.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- CVE-2019-14896Nov 27, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
- CVE-2019-10207Nov 25, 2019affected < 4.12.14-95.32.1fixed 4.12.14-95.32.1
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an
- CVE-2019-14815Nov 25, 2019affected < 4.12.14-95.32.1fixed 4.12.14-95.32.1
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
- CVE-2019-19227Nov 22, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a
- CVE-2019-19036Nov 21, 2019affected < 4.12.14-95.48.1fixed 4.12.14-95.48.1
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
- CVE-2019-19077Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.
- CVE-2019-19075Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.
- CVE-2019-19074Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
- CVE-2019-19073Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_c
- CVE-2019-19068Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
- CVE-2019-19067Nov 18, 2019affected < 4.12.14-95.45.1fixed 4.12.14-95.45.1
Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c
Page 4 of 12