rpm package
suse/kernel-obs-build&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (812)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-0129 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jun 9, 2021 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||
| CVE-2020-26555 | — | < 5.3.18-150200.24.175.1 | 5.3.18-150200.24.175.1 | May 24, 2021 | Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | ||
| CVE-2020-26558 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | May 24, 2021 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide | ||
| CVE-2021-23134 | — | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | May 12, 2021 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | ||
| CVE-2021-29650 | — | < 5.3.18-150200.24.154.1 | 5.3.18-150200.24.154.1 | Mar 30, 2021 | An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, a | ||
| CVE-2020-16119 | — | < 5.3.18-150200.24.134.1 | 5.3.18-150200.24.134.1 | Jan 14, 2021 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0 | ||
| CVE-2020-27825 | — | < 5.3.18-24.99.1 | 5.3.18-24.99.1 | Dec 11, 2020 | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at | ||
| CVE-2020-26541 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Oct 2, 2020 | The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | ||
| CVE-2020-10135 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | May 19, 2020 | Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona | ||
| CVE-2019-19377 | — | < 5.3.18-150200.24.115.1 | 5.3.18-150200.24.115.1 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | ||
| CVE-2017-5753 | — | < 5.3.18-150200.24.148.1 | 5.3.18-150200.24.148.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2016-3695 | Med | 5.5 | < 5.3.18-150200.24.129.1 | 5.3.18-150200.24.129.1 | Dec 29, 2017 | The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set. |
- CVE-2021-0129Jun 9, 2021affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
- CVE-2020-26555May 24, 2021affected < 5.3.18-150200.24.175.1fixed 5.3.18-150200.24.175.1
Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.
- CVE-2020-26558May 24, 2021affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide
- CVE-2021-23134May 12, 2021affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
- CVE-2021-29650Mar 30, 2021affected < 5.3.18-150200.24.154.1fixed 5.3.18-150200.24.154.1
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, a
- CVE-2020-16119Jan 14, 2021affected < 5.3.18-150200.24.134.1fixed 5.3.18-150200.24.134.1
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0
- CVE-2020-27825Dec 11, 2020affected < 5.3.18-24.99.1fixed 5.3.18-24.99.1
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at
- CVE-2020-26541Oct 2, 2020affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
- CVE-2020-10135May 19, 2020affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona
- CVE-2019-19377Nov 29, 2019affected < 5.3.18-150200.24.115.1fixed 5.3.18-150200.24.115.1
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- CVE-2017-5753Jan 4, 2018affected < 5.3.18-150200.24.148.1fixed 5.3.18-150200.24.148.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 5.3.18-150200.24.129.1fixed 5.3.18-150200.24.129.1
The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.
Page 41 of 41