rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP3-BCL
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL
Vulnerabilities (414)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19535 | Med | 4.6 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | |
| CVE-2019-19534 | Low | 2.4 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |
| CVE-2019-19533 | Low | 2.4 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |
| CVE-2019-19532 | Med | 6.8 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga | |
| CVE-2019-19531 | Med | 6.8 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | |
| CVE-2019-19530 | Med | 4.6 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | |
| CVE-2019-19527 | Med | 6.8 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | |
| CVE-2019-19525 | Med | 4.6 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035. | |
| CVE-2019-19524 | Med | 4.6 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | |
| CVE-2019-19523 | Med | 4.6 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | |
| CVE-2019-19377 | Hig | 7.8 | < 4.4.180-94.164.2 | 4.4.180-94.164.2 | Nov 29, 2019 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | |
| CVE-2019-14897 | Cri | 9.8 | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 29, 2019 | A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together | |
| CVE-2019-14895 | Cri | 9.8 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 29, 2019 | A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could | |
| CVE-2019-19319 | Med | 6.5 | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 27, 2019 | In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30 | |
| CVE-2019-18660 | Med | 4.7 | < 4.4.180-94.113.1 | 4.4.180-94.113.1 | Nov 27, 2019 | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. | |
| CVE-2019-10220 | Hig | 8.8 | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | |
| CVE-2019-14896 | Cri | 9.8 | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 27, 2019 | A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a | |
| CVE-2019-18675 | Hig | 7.8 | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Nov 25, 2019 | The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel p | |
| CVE-2019-10207 | Med | 5.5 | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Nov 25, 2019 | A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an | |
| CVE-2019-14815 | Hig | 7.8 | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Nov 25, 2019 | A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. |
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/atusb.c driver, aka CID-7fd25e6fc035.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
- affected < 4.4.180-94.164.2fixed 4.4.180-94.164.2
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
- affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
- affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
- affected < 4.4.180-94.113.1fixed 4.4.180-94.113.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
- affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
- affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel p
- affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call an
- affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.
Page 16 of 21