rpm package
suse/kernel-livepatch-SLE15-SP1_Update_25&distro=SUSE Linux Enterprise Live Patching 15 SP1
pkg:rpm/suse/kernel-livepatch-SLE15-SP1_Update_25&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP1
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-24587 | Low | 2.6 | < 1-3.3.1 | 1-3.3.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f | |
| CVE-2020-24586 | Low | 3.5 | < 1-3.3.1 | 1-3.3.1 | May 11, 2021 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented | |
| CVE-2021-32399 | Hig | 7.0 | < 1-3.3.1 | 1-3.3.1 | May 10, 2021 | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. | |
| CVE-2021-23133 | Med | 6.7 | < 1-3.3.1 | 1-3.3.1 | Apr 22, 2021 | A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is re | |
| CVE-2020-3702 | Med | 6.5 | < 9-2.2 | 9-2.2 | Sep 8, 2020 | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd |
- affected < 1-3.3.1fixed 1-3.3.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f
- affected < 1-3.3.1fixed 1-3.3.1
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented
- affected < 1-3.3.1fixed 1-3.3.1
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.
- affected < 1-3.3.1fixed 1-3.3.1
A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is re
- affected < 9-2.2fixed 9-2.2
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd
Page 3 of 3