VYPR

rpm package

suse/kernel-livepatch-SLE15-SP1_Update_10&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (38)

  • CVE-2020-25668HigMay 26, 2021
    affected < 8-2.2fixed 8-2.2

    A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.

  • CVE-2021-27365HigMar 7, 2021
    affected < 11-2.2fixed 11-2.2

    An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up t

  • CVE-2021-27364HigMar 7, 2021
    affected < 11-2.2fixed 11-2.2

    An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

  • CVE-2021-27363MedMar 7, 2021
    affected < 11-2.2fixed 11-2.2

    An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via t

  • CVE-2021-3347HigJan 29, 2021
    affected < 10-2.2fixed 10-2.2

    An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.

  • CVE-2020-28374HigJan 13, 2021
    affected < 10-2.2fixed 10-2.2

    In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack c

  • CVE-2021-0342MedJan 11, 2021
    affected < 10-2.2fixed 10-2.2

    In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Androi

  • CVE-2020-36158HigJan 5, 2021
    affected < 9-2.2fixed 9-2.2

    mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.

  • CVE-2020-29569HigDec 15, 2020
    affected < 9-2.2fixed 9-2.2

    An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly togg

  • CVE-2020-0466HigDec 14, 2020
    affected < 9-2.2fixed 9-2.2

    In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion

  • CVE-2020-0465MedDec 14, 2020
    affected < 9-2.2fixed 9-2.2

    In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions

  • CVE-2020-27786HigDec 11, 2020
    affected < 10-2.2fixed 10-2.2

    A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of ex

  • CVE-2020-29661HigDec 9, 2020
    affected < 9-2.2fixed 9-2.2

    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

  • CVE-2020-29660MedDec 9, 2020
    affected < 9-2.2fixed 9-2.2

    A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

  • CVE-2020-14381HigDec 3, 2020
    affected < 6-2.2fixed 6-2.2

    A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiali

  • CVE-2020-29368HigNov 28, 2020
    affected < 9-2.2fixed 9-2.2

    An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

  • CVE-2020-12351HigNov 23, 2020
    affected < 7-2.2fixed 7-2.2

    Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

  • CVE-2020-25705HigNov 17, 2020
    affected < 8-2.2fixed 8-2.2

    A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well

  • CVE-2020-8694MedNov 12, 2020
    affected < 8-2.2fixed 8-2.2

    Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-25645HigOct 13, 2020
    affected < 7-2.2fixed 7-2.2

    A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic u

Page 1 of 2