VYPR

rpm package

suse/kernel-livepatch-SLE15-SP1_Update_18&distro=SUSE Linux Enterprise Live Patching 15 SP1

pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1

Vulnerabilities (50)

  • CVE-2020-29660MedDec 9, 2020
    affected < 3-2.1fixed 3-2.1

    A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.

  • CVE-2020-14351HigDec 3, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidenti

  • CVE-2020-25656MedDec 2, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential

  • CVE-2020-29368HigNov 28, 2020
    affected < 3-2.1fixed 3-2.1

    An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.

  • CVE-2020-25705HigNov 17, 2020
    affected < 2-2.1fixed 2-2.1

    A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well

  • CVE-2020-8694MedNov 12, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-27675MedOct 22, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrate

  • CVE-2020-27673MedOct 22, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.

  • CVE-2020-0430HigSep 17, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A

  • CVE-2020-25285MedSep 13, 2020
    affected < 1-3.3.1fixed 1-3.3.1

    A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.

Page 3 of 3