rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (580)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1092 | — | < 4.4.121-92.85.1 | 4.4.121-92.85.1 | Apr 2, 2018 | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 imag | ||
| CVE-2017-18255 | — | < 4.4.121-92.129.1 | 4.4.121-92.129.1 | Mar 31, 2018 | The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calcu | ||
| CVE-2018-1091 | — | < 4.4.121-92.109.2 | 4.4.121-92.109.2 | Mar 27, 2018 | In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact | ||
| CVE-2017-18249 | — | < 4.4.121-92.85.1 | 4.4.121-92.85.1 | Mar 26, 2018 | The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads. | ||
| CVE-2017-18241 | — | < 4.4.121-92.85.1 | 4.4.121-92.85.1 | Mar 21, 2018 | fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure. | ||
| CVE-2018-8822 | — | < 4.4.121-92.73.1 | 4.4.121-92.73.1 | Mar 20, 2018 | Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the | ||
| CVE-2018-8043 | — | < 4.4.121-92.73.1 | 4.4.121-92.73.1 | Mar 10, 2018 | The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). | ||
| CVE-2018-7757 | — | < 4.4.121-92.95.1 | 4.4.121-92.95.1 | Mar 8, 2018 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by | ||
| CVE-2018-7755 | — | < 4.4.121-92.175.2 | 4.4.121-92.175.2 | Mar 8, 2018 | An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel | ||
| CVE-2018-7740 | — | < 4.4.121-92.73.1 | 4.4.121-92.73.1 | Mar 7, 2018 | The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. | ||
| CVE-2018-1065 | — | < 4.4.121-92.85.1 | 4.4.121-92.85.1 | Mar 2, 2018 | The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capab | ||
| CVE-2017-18204 | — | < 4.4.121-92.146.1 | 4.4.121-92.146.1 | Feb 27, 2018 | The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. | ||
| CVE-2018-7492 | — | < 4.4.121-92.85.1 | 4.4.121-92.85.1 | Feb 26, 2018 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. | ||
| CVE-2018-7480 | — | < 4.4.121-92.95.1 | 4.4.121-92.95.1 | Feb 25, 2018 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | ||
| CVE-2017-18174 | — | < 4.4.121-92.109.2 | 4.4.121-92.109.2 | Feb 11, 2018 | In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. | ||
| CVE-2017-5753 | — | < 4.4.121-92.161.1 | 4.4.121-92.161.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-17741 | Med | 6.5 | < 4.4.121-92.109.2 | 4.4.121-92.109.2 | Dec 18, 2017 | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | |
| CVE-2017-16525 | Med | 6.6 | < 4.4.121-92.178.1 | 4.4.121-92.178.1 | Nov 4, 2017 | The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnect | |
| CVE-2017-13695 | Med | 5.5 | < 4.4.121-92.175.2 | 4.4.121-92.175.2 | Aug 25, 2017 | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis | |
| CVE-2016-8636 | Hig | 7.8 | < 4.4.121-92.109.2 | 4.4.121-92.109.2 | Feb 22, 2017 | Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact |
- CVE-2018-1092Apr 2, 2018affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 imag
- CVE-2017-18255Mar 31, 2018affected < 4.4.121-92.129.1fixed 4.4.121-92.129.1
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calcu
- CVE-2018-1091Mar 27, 2018affected < 4.4.121-92.109.2fixed 4.4.121-92.109.2
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transact
- CVE-2017-18249Mar 26, 2018affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
- CVE-2017-18241Mar 21, 2018affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
- CVE-2018-8822Mar 20, 2018affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1
Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the
- CVE-2018-8043Mar 10, 2018affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1
The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).
- CVE-2018-7757Mar 8, 2018affected < 4.4.121-92.95.1fixed 4.4.121-92.95.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
- CVE-2018-7755Mar 8, 2018affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel
- CVE-2018-7740Mar 7, 2018affected < 4.4.121-92.73.1fixed 4.4.121-92.73.1
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
- CVE-2018-1065Mar 2, 2018affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capab
- CVE-2017-18204Feb 27, 2018affected < 4.4.121-92.146.1fixed 4.4.121-92.146.1
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
- CVE-2018-7492Feb 26, 2018affected < 4.4.121-92.85.1fixed 4.4.121-92.85.1
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
- CVE-2018-7480Feb 25, 2018affected < 4.4.121-92.95.1fixed 4.4.121-92.95.1
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
- CVE-2017-18174Feb 11, 2018affected < 4.4.121-92.109.2fixed 4.4.121-92.109.2
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.
- CVE-2017-5753Jan 4, 2018affected < 4.4.121-92.161.1fixed 4.4.121-92.161.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.4.121-92.109.2fixed 4.4.121-92.109.2
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
- affected < 4.4.121-92.178.1fixed 4.4.121-92.178.1
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnect
- affected < 4.4.121-92.175.2fixed 4.4.121-92.175.2
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanis
- affected < 4.4.121-92.109.2fixed 4.4.121-92.109.2
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact
Page 29 of 29