rpm package
suse/kernel-livepatch-SLE15-SP2_Update_9&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27825 | — | < 1-5.3.1 | 1-5.3.1 | Dec 11, 2020 | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at | ||
| CVE-2020-27786 | — | < 1-5.3.1 | 1-5.3.1 | Dec 11, 2020 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of ex | ||
| CVE-2020-29660 | — | < 1-5.3.1 | 1-5.3.1 | Dec 9, 2020 | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | ||
| CVE-2020-29661 | — | < 1-5.3.1 | 1-5.3.1 | Dec 9, 2020 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | ||
| CVE-2020-29368 | — | < 2-2.1 | 2-2.1 | Nov 28, 2020 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | ||
| CVE-2020-29370 | — | < 1-5.3.1 | 1-5.3.1 | Nov 28, 2020 | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | ||
| CVE-2020-29373 | — | < 1-5.3.1 | 1-5.3.1 | Nov 28, 2020 | An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | ||
| CVE-2020-11668 | — | < 1-5.3.1 | 1-5.3.1 | Apr 9, 2020 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. |
- CVE-2020-27825Dec 11, 2020affected < 1-5.3.1fixed 1-5.3.1
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at
- CVE-2020-27786Dec 11, 2020affected < 1-5.3.1fixed 1-5.3.1
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of ex
- CVE-2020-29660Dec 9, 2020affected < 1-5.3.1fixed 1-5.3.1
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
- CVE-2020-29661Dec 9, 2020affected < 1-5.3.1fixed 1-5.3.1
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
- CVE-2020-29368Nov 28, 2020affected < 2-2.1fixed 2-2.1
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
- CVE-2020-29370Nov 28, 2020affected < 1-5.3.1fixed 1-5.3.1
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
- CVE-2020-29373Nov 28, 2020affected < 1-5.3.1fixed 1-5.3.1
An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.
- CVE-2020-11668Apr 9, 2020affected < 1-5.3.1fixed 1-5.3.1
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
Page 3 of 3