VYPR

rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP1

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1

Vulnerabilities (276)

  • CVE-2019-17055LowOct 1, 2019
    affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1

    base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.

  • CVE-2019-16995HigSep 30, 2019
    affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1

    In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.

  • CVE-2019-16994MedSep 30, 2019
    affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1

    In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.

  • CVE-2019-16746CriSep 24, 2019
    affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1

    An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

  • CVE-2019-14816HigSep 20, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

  • CVE-2019-14814HigSep 20, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

  • CVE-2019-14821HigSep 19, 2019
    affected < 4.12.14-197.21.1fixed 4.12.14-197.21.1

    An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first

  • CVE-2019-14835HigSep 17, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the

  • CVE-2019-15031MedSep 13, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then access

  • CVE-2019-15030MedSep 13, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbe

  • CVE-2019-16234MedSep 11, 2019
    affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1

    drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

  • CVE-2019-16233MedSep 11, 2019
    affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1

    drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

  • CVE-2019-16232MedSep 11, 2019
    affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1

    drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

  • CVE-2019-16231MedSep 11, 2019
    affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1

    drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.

  • CVE-2019-9458HigSep 6, 2019
    affected < 4.12.14-197.40.1fixed 4.12.14-197.40.1

    In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9456MedSep 6, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-9455LowSep 6, 2019
    affected < 4.12.14-197.45.1fixed 4.12.14-197.45.1

    In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-15927HigSep 4, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.

  • CVE-2019-15926CriSep 4, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.

  • CVE-2018-21008MedSep 4, 2019
    affected < 4.12.14-197.18.1fixed 4.12.14-197.18.1

    An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c.

Page 10 of 14