rpm package
suse/kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP1
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
Vulnerabilities (276)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19534 | Low | 2.4 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |
| CVE-2019-19533 | Low | 2.4 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Dec 3, 2019 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |
| CVE-2019-19532 | Med | 6.8 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga | |
| CVE-2019-19531 | Med | 6.8 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | |
| CVE-2019-19530 | Med | 4.6 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | |
| CVE-2019-19529 | Med | 6.3 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. | |
| CVE-2019-19528 | Med | 6.1 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d. | |
| CVE-2019-19527 | Med | 6.8 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |
| CVE-2019-19526 | Med | 4.6 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098. | |
| CVE-2019-19525 | Med | 4.6 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | |
| CVE-2019-19524 | Med | 4.6 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Dec 3, 2019 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | |
| CVE-2019-19523 | Med | 4.6 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | |
| CVE-2019-19462 | Med | 5.5 | < 4.12.14-197.45.1 | 4.12.14-197.45.1 | Nov 30, 2019 | relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result. | |
| CVE-2019-14901 | Cri | 9.8 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 29, 2019 | A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th | |
| CVE-2019-14897 | Cri | 9.8 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together | |
| CVE-2019-14895 | Cri | 9.8 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could | |
| CVE-2019-19318 | Med | 4.4 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 28, 2019 | In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer, | |
| CVE-2019-19319 | Med | 6.5 | < 4.12.14-197.34.1 | 4.12.14-197.34.1 | Nov 27, 2019 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30 | |
| CVE-2019-18660 | Med | 4.7 | < 4.12.14-197.29.1 | 4.12.14-197.29.1 | Nov 27, 2019 | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | |
| CVE-2019-10220 | Hig | 8.8 | < 4.12.14-197.26.1 | 4.12.14-197.26.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. |
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c driver, aka CID-6af3aa57a098.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
- affected < 4.12.14-197.45.1fixed 4.12.14-197.45.1
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
- affected < 4.12.14-197.34.1fixed 4.12.14-197.34.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
- affected < 4.12.14-197.29.1fixed 4.12.14-197.29.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- affected < 4.12.14-197.26.1fixed 4.12.14-197.26.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
Page 7 of 14