VYPR

rpm package

suse/kernel-livepatch-SLE15-SP1_Update_10&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (38)

  • CVE-2020-0431MedSep 17, 2020
    affected < 6-2.2fixed 6-2.2

    In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android

  • CVE-2020-14386MedSep 16, 2020
    affected < 6-2.2fixed 6-2.2

    A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.

  • CVE-2020-14331MedSep 15, 2020
    affected < 5-2.2fixed 5-2.2

    A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons

  • CVE-2020-25212HigSep 9, 2020
    affected < 6-2.2fixed 6-2.2

    A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.

  • CVE-2020-1749HigSep 9, 2020
    affected < 2-2.2fixed 2-2.2

    A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending

  • CVE-2020-24394HigAug 19, 2020
    affected < 6-2.2fixed 6-2.2

    In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

  • CVE-2020-15780MedJul 15, 2020
    affected < 5-2.2fixed 5-2.2

    An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

  • CVE-2020-10757HigJun 9, 2020
    affected < 4-2.1fixed 4-2.1

    A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

  • CVE-2020-12653HigMay 5, 2020
    affected < 3-2.1fixed 3-2.1

    An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

  • CVE-2020-12654HigMay 5, 2020
    affected < 3-2.1fixed 3-2.1

    An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

  • CVE-2020-11668HigApr 9, 2020
    affected < 5-2.2fixed 5-2.2

    In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

  • CVE-2020-9383HigFeb 25, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.

  • CVE-2020-8649MedFeb 6, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.

  • CVE-2020-8648HigFeb 6, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.

  • CVE-2020-8647MedFeb 6, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.

  • CVE-2019-19768HigDec 12, 2019
    affected < 1-3.3.1fixed 1-3.3.1

    In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).

  • CVE-2019-9458HigSep 6, 2019
    affected < 5-2.2fixed 5-2.2

    In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-1000199MedMay 24, 2018
    affected < 4-2.1fixed 4-2.1

    The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears

Page 2 of 2