rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP4
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
Vulnerabilities (572)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19407 | — | < 4.12.14-95.6.1 | 4.12.14-95.6.1 | Nov 21, 2018 | The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. | ||
| CVE-2018-18281 | — | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Oct 30, 2018 | Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a | ||
| CVE-2018-18710 | — | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Oct 27, 2018 | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV | ||
| CVE-2018-18386 | — | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Oct 17, 2018 | drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. | ||
| CVE-2018-18445 | — | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Oct 17, 2018 | In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. | ||
| CVE-2018-14625 | — | < 4.12.14-95.6.1 | 4.12.14-95.6.1 | Sep 10, 2018 | A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak o | ||
| CVE-2018-13405 | — | < 4.12.14-95.83.2 | 4.12.14-95.83.2 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no | ||
| CVE-2018-12232 | — | < 4.12.14-95.6.1 | 4.12.14-95.6.1 | Jun 12, 2018 | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference c | ||
| CVE-2018-1000199 | — | < 4.12.14-95.54.1 | 4.12.14-95.54.1 | May 24, 2018 | The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears | ||
| CVE-2017-18224 | — | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Mar 12, 2018 | In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field. | ||
| CVE-2017-5753 | — | < 4.12.14-95.13.1 | 4.12.14-95.13.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-16533 | Med | 6.6 | < 4.12.14-95.3.1 | 4.12.14-95.3.1 | Nov 4, 2017 | The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. |
- CVE-2018-19407Nov 21, 2018affected < 4.12.14-95.6.1fixed 4.12.14-95.6.1
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
- CVE-2018-18281Oct 30, 2018affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a
- CVE-2018-18710Oct 27, 2018affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV
- CVE-2018-18386Oct 17, 2018affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
- CVE-2018-18445Oct 17, 2018affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.
- CVE-2018-14625Sep 10, 2018affected < 4.12.14-95.6.1fixed 4.12.14-95.6.1
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak o
- CVE-2018-13405Jul 6, 2018affected < 4.12.14-95.83.2fixed 4.12.14-95.83.2
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no
- CVE-2018-12232Jun 12, 2018affected < 4.12.14-95.6.1fixed 4.12.14-95.6.1
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference c
- CVE-2018-1000199May 24, 2018affected < 4.12.14-95.54.1fixed 4.12.14-95.54.1
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears
- CVE-2017-18224Mar 12, 2018affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
- CVE-2017-5753Jan 4, 2018affected < 4.12.14-95.13.1fixed 4.12.14-95.13.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 4.12.14-95.3.1fixed 4.12.14-95.3.1
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
Page 29 of 29