rpm package
suse/kernel-livepatch-SLE15_Update_18&distro=SUSE Linux Enterprise Live Patching 15
pkg:rpm/suse/kernel-livepatch-SLE15_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
Vulnerabilities (93)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11608 | — | | | < 1-1.5.1 | 1-1.5.1 | Apr 7, 2020 | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. |
| CVE-2020-11494 | — | | | < 1-1.5.1 | 1-1.5.1 | Apr 2, 2020 | An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL |
| CVE-2020-10942 | — | | | < 1-1.5.1 | 1-1.5.1 | Mar 24, 2020 | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. |
| CVE-2020-9383 | — | | | < 1-1.5.1 | 1-1.5.1 | Feb 25, 2020 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. |
| CVE-2020-8992 | — | | | < 1-1.5.1 | 1-1.5.1 | Feb 14, 2020 | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. |
| CVE-2020-8647 | — | | | < 1-1.5.1 | 1-1.5.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. |
| CVE-2020-8648 | — | | | < 1-1.5.1 | 1-1.5.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. |
| CVE-2020-8649 | — | | | < 1-1.5.1 | 1-1.5.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. |
| CVE-2020-8428 | — | | | < 1-1.5.1 | 1-1.5.1 | Jan 28, 2020 | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a |
| CVE-2019-14615 | — | | | < 1-1.5.1 | 1-1.5.1 | Jan 17, 2020 | Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. |
| CVE-2020-7053 | — | | | < 1-1.5.1 | 1-1.5.1 | Jan 14, 2020 | In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ |
| CVE-2019-20095 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 30, 2019 | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. |
| CVE-2019-20096 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 30, 2019 | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. |
| CVE-2019-20054 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 28, 2019 | In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. |
| CVE-2019-19965 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 25, 2019 | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. |
| CVE-2019-19966 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 25, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. |
| CVE-2019-19770 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 12, 2019 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux |
| CVE-2019-19768 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 12, 2019 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). |
| CVE-2019-19447 | — | | | < 1-1.5.1 | 1-1.5.1 | Dec 8, 2019 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. |
| CVE-2019-19462 | — | | | < 1-1.5.1 | 1-1.5.1 | Nov 30, 2019 | relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. |