rpm package
suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP1
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1
Vulnerabilities (249)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-25669 | Hig | 7.8 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | May 26, 2021 | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free. | |
| CVE-2020-25668 | Hig | 7.0 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | May 26, 2021 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | |
| CVE-2020-16120 | Med | 5.1 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | Feb 10, 2021 | Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be | |
| CVE-2020-27777 | Med | 6.7 | < 4.12.14-8.55.1 | 4.12.14-8.55.1 | Dec 15, 2020 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase | |
| CVE-2020-27068 | Cri | 9.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 15, 2020 | Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel | |
| CVE-2020-0466 | Hig | 7.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 14, 2020 | In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion | |
| CVE-2020-0465 | Med | 6.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 14, 2020 | In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions | |
| CVE-2020-0444 | Hig | 7.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 14, 2020 | In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe | |
| CVE-2020-27825 | Med | 5.7 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 11, 2020 | A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at | |
| CVE-2020-27786 | Hig | 7.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 11, 2020 | A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of ex | |
| CVE-2020-29661 | Hig | 7.8 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 9, 2020 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | |
| CVE-2020-29660 | Med | 4.4 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Dec 9, 2020 | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | |
| CVE-2020-14381 | Hig | 7.8 | < 4.12.14-8.47.1 | 4.12.14-8.47.1 | Dec 3, 2020 | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiali | |
| CVE-2020-14351 | Hig | 7.8 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | Dec 3, 2020 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidenti | |
| CVE-2020-25704 | Med | 5.5 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | Dec 2, 2020 | A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. | |
| CVE-2020-25656 | Med | 4.1 | < 4.12.14-8.52.1 | 4.12.14-8.52.1 | Dec 2, 2020 | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential | |
| CVE-2020-29371 | Low | 3.3 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Nov 28, 2020 | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | |
| CVE-2019-20934 | Med | 5.3 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Nov 28, 2020 | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | |
| CVE-2020-15437 | Med | 4.4 | < 4.12.14-8.55.1 | 4.12.14-8.55.1 | Nov 23, 2020 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. | |
| CVE-2020-15436 | Med | 6.7 | < 4.12.14-8.58.1 | 4.12.14-8.58.1 | Nov 23, 2020 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. |
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be
- affected < 4.12.14-8.55.1fixed 4.12.14-8.55.1
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
Product: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local at
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of ex
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.
- affected < 4.12.14-8.47.1fixed 4.12.14-8.47.1
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiali
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidenti
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.
- affected < 4.12.14-8.52.1fixed 4.12.14-8.52.1
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidential
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
- affected < 4.12.14-8.55.1fixed 4.12.14-8.55.1
The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.
- affected < 4.12.14-8.58.1fixed 4.12.14-8.58.1
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
Page 1 of 13