rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 12 SP3
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP3
Vulnerabilities (163)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1120 | — | < 4.4.175-94.79.1 | 4.4.175-94.79.1 | Jun 20, 2018 | A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which m | ||
| CVE-2018-5848 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Jun 12, 2018 | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using t | ||
| CVE-2018-5814 | — | < 4.4.178-94.91.2 | 4.4.178-94.91.2 | Jun 12, 2018 | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP pa | ||
| CVE-2018-5803 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Jun 12, 2018 | In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. | ||
| CVE-2018-12233 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Jun 12, 2018 | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with th | ||
| CVE-2018-1000199 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | May 24, 2018 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears | ||
| CVE-2018-3639 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | ||
| CVE-2018-1130 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | May 10, 2018 | Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls. | ||
| CVE-2018-8781 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Apr 23, 2018 | The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, | ||
| CVE-2018-10124 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Apr 16, 2018 | The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument. | ||
| CVE-2018-10087 | — | < 4.4.131-94.29.1 | 4.4.131-94.29.1 | Apr 13, 2018 | The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||
| CVE-2017-18257 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Apr 4, 2018 | The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. | ||
| CVE-2018-1091 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 27, 2018 | In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact | ||
| CVE-2017-18249 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Mar 26, 2018 | The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | ||
| CVE-2017-18241 | — | < 4.4.138-94.39.1 | 4.4.138-94.39.1 | Mar 21, 2018 | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | ||
| CVE-2018-8822 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 20, 2018 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the | ||
| CVE-2018-1068 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Mar 16, 2018 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. | ||
| CVE-2018-8087 | — | < 4.4.120-94.17.1 | 4.4.120-94.17.1 | Mar 13, 2018 | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | ||
| CVE-2018-8043 | — | < 4.4.126-94.22.1 | 4.4.126-94.22.1 | Mar 10, 2018 | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | ||
| CVE-2018-7757 | — | < 4.4.156-94.57.1 | 4.4.156-94.57.1 | Mar 8, 2018 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by |
- CVE-2018-1120Jun 20, 2018affected < 4.4.175-94.79.1fixed 4.4.175-94.79.1
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which m
- CVE-2018-5848Jun 12, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using t
- CVE-2018-5814Jun 12, 2018affected < 4.4.178-94.91.2fixed 4.4.178-94.91.2
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP pa
- CVE-2018-5803Jun 12, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
- CVE-2018-12233Jun 12, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with th
- CVE-2018-1000199May 24, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
- CVE-2018-3639May 22, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- CVE-2018-1130May 10, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
- CVE-2018-8781Apr 23, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages,
- CVE-2018-10124Apr 16, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
- CVE-2018-10087Apr 13, 2018affected < 4.4.131-94.29.1fixed 4.4.131-94.29.1
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
- CVE-2017-18257Apr 4, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
- CVE-2018-1091Mar 27, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact
- CVE-2017-18249Mar 26, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
- CVE-2017-18241Mar 21, 2018affected < 4.4.138-94.39.1fixed 4.4.138-94.39.1
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
- CVE-2018-8822Mar 20, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the
- CVE-2018-1068Mar 16, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
- CVE-2018-8087Mar 13, 2018affected < 4.4.120-94.17.1fixed 4.4.120-94.17.1
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
- CVE-2018-8043Mar 10, 2018affected < 4.4.126-94.22.1fixed 4.4.126-94.22.1
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
- CVE-2018-7757Mar 8, 2018affected < 4.4.156-94.57.1fixed 4.4.156-94.57.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
Page 5 of 9