rpm package
suse/kernel-source&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/kernel-source&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (347)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-18379 | — | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Jul 27, 2019 | In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | ||
| CVE-2019-14284 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex | ||
| CVE-2019-14283 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c | ||
| CVE-2018-20856 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||
| CVE-2018-20855 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | ||
| CVE-2019-13648 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 19, 2019 | In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/power | ||
| CVE-2019-13631 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jul 17, 2019 | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. | ||
| CVE-2019-13272 | — | KEV | < 4.4.180-94.107.1 | 4.4.180-94.107.1 | Jul 17, 2019 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati | |
| CVE-2019-0136 | — | < 4.4.180-94.153.1 | 4.4.180-94.153.1 | Jun 13, 2019 | Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||
| CVE-2018-12130 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | May 30, 2019 | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h | ||
| CVE-2018-12127 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | May 30, 2019 | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: | ||
| CVE-2018-12126 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | May 30, 2019 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found | ||
| CVE-2019-11091 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | May 30, 2019 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products c | ||
| CVE-2019-11810 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | May 7, 2019 | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | ||
| CVE-2018-20784 | — | < 4.4.180-94.164.2 | 4.4.180-94.164.2 | Feb 22, 2019 | In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. | ||
| CVE-2019-3819 | — | < 4.4.180-94.103.1 | 4.4.180-94.103.1 | Jan 25, 2019 | A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers | ||
| CVE-2019-6133 | — | < 4.4.180-94.135.1 | 4.4.180-94.135.1 | Jan 11, 2019 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. | ||
| CVE-2019-3701 | — | < 4.4.180-94.116.1 | 4.4.180-94.116.1 | Jan 3, 2019 | An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod | ||
| CVE-2018-16882 | — | < 4.4.180-94.150.1 | 4.4.180-94.150.1 | Jan 3, 2019 | A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without r | ||
| CVE-2018-10902 | — | < 4.4.180-94.138.1 | 4.4.180-94.138.1 | Aug 21, 2018 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a |
- CVE-2017-18379Jul 27, 2019affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
- CVE-2019-14284Jul 26, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex
- CVE-2019-14283Jul 26, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c
- CVE-2018-20856Jul 26, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
- CVE-2018-20855Jul 26, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
- CVE-2019-13648Jul 19, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/power
- CVE-2019-13631Jul 17, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
- affected < 4.4.180-94.107.1fixed 4.4.180-94.107.1
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati
- CVE-2019-0136Jun 13, 2019affected < 4.4.180-94.153.1fixed 4.4.180-94.153.1
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
- CVE-2018-12130May 30, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h
- CVE-2018-12127May 30, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:
- CVE-2018-12126May 30, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found
- CVE-2019-11091May 30, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products c
- CVE-2019-11810May 7, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
- CVE-2018-20784Feb 22, 2019affected < 4.4.180-94.164.2fixed 4.4.180-94.164.2
In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
- CVE-2019-3819Jan 25, 2019affected < 4.4.180-94.103.1fixed 4.4.180-94.103.1
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers
- CVE-2019-6133Jan 11, 2019affected < 4.4.180-94.135.1fixed 4.4.180-94.135.1
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-3701Jan 3, 2019affected < 4.4.180-94.116.1fixed 4.4.180-94.116.1
An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame mod
- CVE-2018-16882Jan 3, 2019affected < 4.4.180-94.150.1fixed 4.4.180-94.150.1
A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error while processing posted interrupt address, it unmaps the 'pi_desc_page' without r
- CVE-2018-10902Aug 21, 2018affected < 4.4.180-94.138.1fixed 4.4.180-94.138.1
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a
Page 17 of 18