rpm package

suse/kernel-pae&distro=SUSE Linux Enterprise Server 11 SP4

pkg:rpm/suse/kernel-pae&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4

Vulnerabilities (269)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-8897	—	< 3.0.101-108.41.1	3.0.101-108.41.1	May 8, 2018	A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10675	—	< 3.0.101-108.48.1	3.0.101-108.48.1	May 2, 2018	The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-10124	—	< 3.0.101-108.41.1	3.0.101-108.41.1	Apr 16, 2018	The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
CVE-2018-10087	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Apr 13, 2018	The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
CVE-2017-13305	—	< 3.0.101-108.68.1	3.0.101-108.68.1	Apr 4, 2018	A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
CVE-2018-7566	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Mar 30, 2018	The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-8822	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Mar 20, 2018	Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the
CVE-2018-1068	—	< 3.0.101-108.68.1	3.0.101-108.68.1	Mar 16, 2018	A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-7757	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Mar 8, 2018	Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
CVE-2017-18208	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Mar 1, 2018	The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
CVE-2017-18203	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Feb 27, 2018	The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
CVE-2018-7492	—	< 3.0.101-108.68.1	3.0.101-108.68.1	Feb 26, 2018	A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
CVE-2018-6927	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Feb 12, 2018	The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2017-16914	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Jan 31, 2018	The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
CVE-2017-16913	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Jan 31, 2018	The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack
CVE-2017-16912	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Jan 31, 2018	The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
CVE-2017-16911	—	< 3.0.101-108.38.1	3.0.101-108.38.1	Jan 31, 2018	The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
CVE-2017-18079	—	< 3.0.101-108.35.1	3.0.101-108.35.1	Jan 29, 2018	drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
CVE-2015-1142857	—	< 3.0.101-108.35.1	3.0.101-108.35.1	Jan 23, 2018	On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4
CVE-2018-1000004	—	< 3.0.101-108.35.1	3.0.101-108.35.1	Jan 16, 2018	In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

CVE-2018-8897May 8, 2018
affected < 3.0.101-108.41.1fixed 3.0.101-108.41.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10675May 2, 2018
affected < 3.0.101-108.48.1fixed 3.0.101-108.48.1
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2018-10124Apr 16, 2018
affected < 3.0.101-108.41.1fixed 3.0.101-108.41.1
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
CVE-2018-10087Apr 13, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
CVE-2017-13305Apr 4, 2018
affected < 3.0.101-108.68.1fixed 3.0.101-108.68.1
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
CVE-2018-7566Mar 30, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.
CVE-2018-8822Mar 20, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the
CVE-2018-1068Mar 16, 2018
affected < 3.0.101-108.68.1fixed 3.0.101-108.68.1
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
CVE-2018-7757Mar 8, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
CVE-2017-18208Mar 1, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
CVE-2017-18203Feb 27, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
CVE-2018-7492Feb 26, 2018
affected < 3.0.101-108.68.1fixed 3.0.101-108.68.1
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
CVE-2018-6927Feb 12, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVE-2017-16914Jan 31, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
CVE-2017-16913Jan 31, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack
CVE-2017-16912Jan 31, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
CVE-2017-16911Jan 31, 2018
affected < 3.0.101-108.38.1fixed 3.0.101-108.38.1
The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
CVE-2017-18079Jan 29, 2018
affected < 3.0.101-108.35.1fixed 3.0.101-108.35.1
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
CVE-2015-1142857Jan 23, 2018
affected < 3.0.101-108.35.1fixed 3.0.101-108.35.1
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4
CVE-2018-1000004Jan 16, 2018
affected < 3.0.101-108.35.1fixed 3.0.101-108.35.1
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

Page 3 of 14