rpm package

suse/kernel-source-azure&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,481)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-19534	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Dec 3, 2019	In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
CVE-2019-19535	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Dec 3, 2019	In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
CVE-2019-19536	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Dec 3, 2019	In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
CVE-2019-19537	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Dec 3, 2019	In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
CVE-2019-19462	—	< 4.12.14-16.16.1	4.12.14-16.16.1	Nov 30, 2019	relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19377	—	< 4.12.14-16.100.1	4.12.14-16.100.1	Nov 29, 2019	In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
CVE-2019-14901	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 29, 2019	A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th
CVE-2019-14897	—	< 4.12.14-16.10.1	4.12.14-16.10.1	Nov 29, 2019	A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
CVE-2019-14895	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 29, 2019	A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
CVE-2019-19318	—	< 4.12.14-16.10.1	4.12.14-16.10.1	Nov 27, 2019	In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19319	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 27, 2019	In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
CVE-2019-18660	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 27, 2019	The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
CVE-2019-10220	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 27, 2019	Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVE-2019-14896	—	< 4.12.14-16.10.1	4.12.14-16.10.1	Nov 27, 2019	A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
CVE-2019-19227	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 22, 2019	In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a
CVE-2019-19036	—	< 4.12.14-16.10.1	4.12.14-16.10.1	Nov 21, 2019	btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19083	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 18, 2019	Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11
CVE-2019-19082	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 18, 2019	Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/d
CVE-2019-19081	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 18, 2019	A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
CVE-2019-19080	—	< 4.12.14-16.7.1	4.12.14-16.7.1	Nov 18, 2019	Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

CVE-2019-19534Dec 3, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
CVE-2019-19535Dec 3, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
CVE-2019-19536Dec 3, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
CVE-2019-19537Dec 3, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
CVE-2019-19462Nov 30, 2019
affected < 4.12.14-16.16.1fixed 4.12.14-16.16.1
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19377Nov 29, 2019
affected < 4.12.14-16.100.1fixed 4.12.14-16.100.1
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
CVE-2019-14901Nov 29, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with th
CVE-2019-14897Nov 29, 2019
affected < 4.12.14-16.10.1fixed 4.12.14-16.10.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
CVE-2019-14895Nov 29, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could
CVE-2019-19318Nov 27, 2019
affected < 4.12.14-16.10.1fixed 4.12.14-16.10.1
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19319Nov 27, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
CVE-2019-18660Nov 27, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.
CVE-2019-10220Nov 27, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
CVE-2019-14896Nov 27, 2019
affected < 4.12.14-16.10.1fixed 4.12.14-16.10.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
CVE-2019-19227Nov 22, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, a
CVE-2019-19036Nov 21, 2019
affected < 4.12.14-16.10.1fixed 4.12.14-16.10.1
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19083Nov 18, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce11
CVE-2019-19082Nov 18, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/d
CVE-2019-19081Nov 18, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
CVE-2019-19080Nov 18, 2019
affected < 4.12.14-16.7.1fixed 4.12.14-16.7.1
Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

Page 71 of 75