rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Real Time 12 SP5
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5
Vulnerabilities (1,429)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-3874 | — | < 4.12.14-10.57.2 | 4.12.14-10.57.2 | Mar 25, 2019 | The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. | ||
| CVE-2018-20669 | — | < 4.12.14-10.25.1 | 4.12.14-10.25.1 | Mar 18, 2019 | An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kern | ||
| CVE-2019-3701 | — | < 4.12.14-10.8.1 | 4.12.14-10.8.1 | Jan 3, 2019 | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod | ||
| CVE-2018-9517 | — | < 4.12.14-10.57.2 | 4.12.14-10.57.2 | Dec 7, 2018 | In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3 | ||
| CVE-2018-13405 | — | < 4.12.14-10.65.1 | 4.12.14-10.65.1 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no | ||
| CVE-2018-1000199 | — | < 4.12.14-10.13.1 | 4.12.14-10.13.1 | May 24, 2018 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears | ||
| CVE-2018-3639 | — | < 4.12.14-10.16.1 | 4.12.14-10.16.1 | May 22, 2018 | Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka | ||
| CVE-2018-7755 | — | < 4.12.14-10.89.1 | 4.12.14-10.89.1 | Mar 8, 2018 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel | ||
| CVE-2017-5753 | — | < 4.12.14-10.121.1 | 4.12.14-10.121.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. |
- CVE-2019-3874Mar 25, 2019affected < 4.12.14-10.57.2fixed 4.12.14-10.57.2
The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
- CVE-2018-20669Mar 18, 2019affected < 4.12.14-10.25.1fixed 4.12.14-10.25.1
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kern
- CVE-2019-3701Jan 3, 2019affected < 4.12.14-10.8.1fixed 4.12.14-10.8.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod
- CVE-2018-9517Dec 7, 2018affected < 4.12.14-10.57.2fixed 4.12.14-10.57.2
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3
- CVE-2018-13405Jul 6, 2018affected < 4.12.14-10.65.1fixed 4.12.14-10.65.1
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no
- CVE-2018-1000199May 24, 2018affected < 4.12.14-10.13.1fixed 4.12.14-10.13.1
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
- CVE-2018-3639May 22, 2018affected < 4.12.14-10.16.1fixed 4.12.14-10.16.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
- CVE-2018-7755Mar 8, 2018affected < 4.12.14-10.89.1fixed 4.12.14-10.89.1
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel
- CVE-2017-5753Jan 4, 2018affected < 4.12.14-10.121.1fixed 4.12.14-10.121.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Page 72 of 72