rpm package
suse/kernel-livepatch-SLE15_Update_22&distro=SUSE Linux Enterprise Live Patching 15
pkg:rpm/suse/kernel-livepatch-SLE15_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
Vulnerabilities (74)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-20934 | — | < 1-1.3.1 | 1-1.3.1 | Nov 28, 2020 | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | ||
| CVE-2020-29368 | — | < 2-2.2 | 2-2.2 | Nov 28, 2020 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | ||
| CVE-2020-29371 | — | < 1-1.3.1 | 1-1.3.1 | Nov 28, 2020 | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | ||
| CVE-2020-15437 | — | < 1-1.3.1 | 1-1.3.1 | Nov 23, 2020 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. | ||
| CVE-2020-15436 | — | < 1-1.3.1 | 1-1.3.1 | Nov 23, 2020 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | ||
| CVE-2020-28974 | — | < 1-1.3.1 | 1-1.3.1 | Nov 20, 2020 | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such | ||
| CVE-2020-4788 | — | < 1-1.3.1 | 1-1.3.1 | Nov 20, 2020 | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | ||
| CVE-2020-28915 | — | < 1-1.3.1 | 1-1.3.1 | Nov 18, 2020 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | ||
| CVE-2020-0433 | — | < 5-2.2 | 5-2.2 | Sep 17, 2020 | In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An | ||
| CVE-2020-10781 | — | < 1-1.3.1 | 1-1.3.1 | Sep 16, 2020 | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco | ||
| CVE-2020-25211 | — | < 1-1.3.1 | 1-1.3.1 | Sep 9, 2020 | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef | ||
| CVE-2020-3702 | — | < 14-2.2 | 14-2.2 | Sep 8, 2020 | u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd | ||
| CVE-2019-20806 | — | < 1-1.3.1 | 1-1.3.1 | May 27, 2020 | An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. | ||
| CVE-2020-11668 | — | < 1-1.3.1 | 1-1.3.1 | Apr 9, 2020 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. |
- CVE-2019-20934Nov 28, 2020affected < 1-1.3.1fixed 1-1.3.1
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
- CVE-2020-29368Nov 28, 2020affected < 2-2.2fixed 2-2.2
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
- CVE-2020-29371Nov 28, 2020affected < 1-1.3.1fixed 1-1.3.1
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
- CVE-2020-15437Nov 23, 2020affected < 1-1.3.1fixed 1-1.3.1
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.
- CVE-2020-15436Nov 23, 2020affected < 1-1.3.1fixed 1-1.3.1
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
- CVE-2020-28974Nov 20, 2020affected < 1-1.3.1fixed 1-1.3.1
A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such
- CVE-2020-4788Nov 20, 2020affected < 1-1.3.1fixed 1-1.3.1
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
- CVE-2020-28915Nov 18, 2020affected < 1-1.3.1fixed 1-1.3.1
A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.
- CVE-2020-0433Sep 17, 2020affected < 5-2.2fixed 5-2.2
In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An
- CVE-2020-10781Sep 16, 2020affected < 1-1.3.1fixed 1-1.3.1
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco
- CVE-2020-25211Sep 9, 2020affected < 1-1.3.1fixed 1-1.3.1
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef
- CVE-2020-3702Sep 8, 2020affected < 14-2.2fixed 14-2.2
u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd
- CVE-2019-20806May 27, 2020affected < 1-1.3.1fixed 1-1.3.1
An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.
- CVE-2020-11668Apr 9, 2020affected < 1-1.3.1fixed 1-1.3.1
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
Page 4 of 4