rpm package
suse/kernel-source-azure&distro=SUSE Linux Enterprise Server 12 SP4
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
Vulnerabilities (213)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15219 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | |
| CVE-2019-15218 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. | |
| CVE-2019-15217 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | |
| CVE-2019-15216 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | |
| CVE-2019-15215 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver. | |
| CVE-2019-15214 | Med | 6.4 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c. | |
| CVE-2019-15213 | Med | 4.6 | < 4.12.14-6.34.1 | 4.12.14-6.34.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver. | |
| CVE-2019-15212 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |
| CVE-2019-15211 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory. | |
| CVE-2018-20976 | Hig | 7.8 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | |
| CVE-2017-18551 | Med | 6.7 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 19, 2019 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | |
| CVE-2019-15118 | Med | 5.5 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 16, 2019 | check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | |
| CVE-2019-15117 | Hig | 7.8 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 16, 2019 | parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | |
| CVE-2019-15098 | Med | 4.6 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 16, 2019 | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | |
| CVE-2019-15090 | Med | 6.7 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 16, 2019 | An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read. | |
| CVE-2019-9506 | Hig | 8.1 | < 4.12.14-6.26.1 | 4.12.14-6.26.1 | Aug 14, 2019 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje | |
| CVE-2019-14284 | Med | 6.2 | < 4.12.14-6.23.1 | 4.12.14-6.23.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex | |
| CVE-2019-14283 | Med | 6.8 | < 4.12.14-6.23.1 | 4.12.14-6.23.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c | |
| CVE-2018-20855 | Low | 3.3 | < 4.12.14-6.23.1 | 4.12.14-6.23.1 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | |
| CVE-2019-13648 | Med | 5.5 | < 4.12.14-6.23.1 | 4.12.14-6.23.1 | Jul 19, 2019 | In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/power |
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.
- affected < 4.12.14-6.34.1fixed 4.12.14-6.34.1
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/v4l2-core/v4l2-dev.c driver because drivers/media/radio/radio-raremono.c does not properly allocate memory.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.
- affected < 4.12.14-6.26.1fixed 4.12.14-6.26.1
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje
- affected < 4.12.14-6.23.1fixed 4.12.14-6.23.1
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex
- affected < 4.12.14-6.23.1fixed 4.12.14-6.23.1
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c
- affected < 4.12.14-6.23.1fixed 4.12.14-6.23.1
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
- affected < 4.12.14-6.23.1fixed 4.12.14-6.23.1
In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/power
Page 8 of 11