VYPR

rpm package

suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.2

pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Vulnerabilities (1,678)

  • CVE-2020-36516Feb 26, 2022
    affected < 5.3.18-150300.99.1fixed 5.3.18-150300.99.1

    An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

  • CVE-2021-20321Feb 18, 2022
    affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2

    A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

  • CVE-2021-33061Feb 9, 2022
    affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1

    Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2021-4154Feb 4, 2022
    affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2

    A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a

  • CVE-2021-43527Dec 8, 2021
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted.

  • CVE-2021-43389Nov 4, 2021
    affected < 5.3.18-150300.175.1fixed 5.3.18-150300.175.1

    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

  • CVE-2021-43056Oct 28, 2021
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.

  • CVE-2021-38208Aug 8, 2021
    affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2

    net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.

  • CVE-2021-20292May 28, 2021
    affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2

    There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the obje

  • CVE-2020-26555May 24, 2021
    affected < 5.3.18-150300.155.1fixed 5.3.18-150300.155.1

    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

  • CVE-2021-32399May 10, 2021
    affected < 5.3.18-150300.211.1fixed 5.3.18-150300.211.1

    net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

  • CVE-2020-16119Jan 14, 2021
    affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1

    Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0

  • CVE-2020-27835Jan 7, 2021
    affected < 5.3.18-150300.88.2fixed 5.3.18-150300.88.2

    A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.

  • CVE-2020-26541Oct 2, 2020
    affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1

    The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

  • CVE-2019-19377Nov 29, 2019
    affected < 5.3.18-150300.93.1fixed 5.3.18-150300.93.1

    In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.

  • CVE-2019-19083Nov 18, 2019
    affected < 5.3.18-150300.115.1fixed 5.3.18-150300.115.1

    Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11

  • CVE-2017-5753Jan 4, 2018
    affected < 5.3.18-150300.124.1fixed 5.3.18-150300.124.1

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2016-3695MedDec 29, 2017
    affected < 5.3.18-150300.106.1fixed 5.3.18-150300.106.1

    The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

Page 84 of 84