rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP1

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1

Vulnerabilities (276)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-8428	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Jan 28, 2020	fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a
CVE-2019-14615	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Jan 17, 2020	Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2019-9503	—	< 4.12.14-197.4.1	4.12.14-197.4.1	Jan 16, 2020	The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarde
CVE-2019-9500	—	< 4.12.14-197.4.1	4.12.14-197.4.1	Jan 16, 2020	The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brc
CVE-2020-7053	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Jan 14, 2020	In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_
CVE-2019-19332	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Jan 9, 2020	An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t
CVE-2019-19927	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 31, 2019	In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to
CVE-2019-20095	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 30, 2019	mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-20096	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 30, 2019	In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20054	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 28, 2019	In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19965	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 25, 2019	In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19966	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 25, 2019	In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19767	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 12, 2019	The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
CVE-2019-19770	—	< 4.12.14-197.40.1	4.12.14-197.40.1	Dec 12, 2019	In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
CVE-2019-19768	—	< 4.12.14-197.37.1	4.12.14-197.37.1	Dec 12, 2019	In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19447	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 8, 2019	In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19543	—	< 4.12.14-197.29.1	4.12.14-197.29.1	Dec 3, 2019	In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
CVE-2019-19523	—	< 4.12.14-197.34.1	4.12.14-197.34.1	Dec 3, 2019	In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
CVE-2019-19524	—	< 4.12.14-197.29.1	4.12.14-197.29.1	Dec 3, 2019	In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
CVE-2019-19525	—	< 4.12.14-197.29.1	4.12.14-197.29.1	Dec 3, 2019	In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

CVE-2020-8428Jan 28, 2020
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a
CVE-2019-14615Jan 17, 2020
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2019-9503Jan 16, 2020
affected < 4.12.14-197.4.1fixed 4.12.14-197.4.1
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarde
CVE-2019-9500Jan 16, 2020
affected < 4.12.14-197.4.1fixed 4.12.14-197.4.1
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brc
CVE-2020-7053Jan 14, 2020
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_
CVE-2019-19332Jan 9, 2020
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access t
CVE-2019-19927Dec 31, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to
CVE-2019-20095Dec 30, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
CVE-2019-20096Dec 30, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20054Dec 28, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19965Dec 25, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19966Dec 25, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19767Dec 12, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
CVE-2019-19770Dec 12, 2019
affected < 4.12.14-197.40.1fixed 4.12.14-197.40.1
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
CVE-2019-19768Dec 12, 2019
affected < 4.12.14-197.37.1fixed 4.12.14-197.37.1
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19447Dec 8, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19543Dec 3, 2019
affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
CVE-2019-19523Dec 3, 2019
affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
CVE-2019-19524Dec 3, 2019
affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
CVE-2019-19525Dec 3, 2019
affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.

Page 6 of 14