rpm package
suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP1
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1
Vulnerabilities (249)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19927 | Med | 6.0 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 31, 2019 | In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to | |
| CVE-2019-20096 | Med | 5.5 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 30, 2019 | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | |
| CVE-2019-20095 | Med | 5.5 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 30, 2019 | mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | |
| CVE-2019-20054 | Med | 5.5 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 28, 2019 | In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | |
| CVE-2019-19966 | Med | 4.6 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 25, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | |
| CVE-2019-19965 | Med | 4.7 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 25, 2019 | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | |
| CVE-2019-19770 | Hig | 8.2 | < 4.12.14-8.30.1 | 4.12.14-8.30.1 | Dec 12, 2019 | In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux | |
| CVE-2019-19768 | Hig | 7.5 | < 4.12.14-8.30.1 | 4.12.14-8.30.1 | Dec 12, 2019 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | |
| CVE-2019-19767 | Med | 5.5 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 12, 2019 | The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163. | |
| CVE-2019-19447 | Hig | 7.8 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 8, 2019 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | |
| CVE-2019-19543 | Hig | 7.8 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | |
| CVE-2019-19537 | Med | 4.2 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. | |
| CVE-2019-19536 | Med | 4.6 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0. | |
| CVE-2019-19535 | Med | 4.6 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. | |
| CVE-2019-19534 | Low | 2.4 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29. | |
| CVE-2019-19533 | Low | 2.4 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 3, 2019 | In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |
| CVE-2019-19532 | Med | 6.8 | < 4.12.14-8.27.1 | 4.12.14-8.27.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga | |
| CVE-2019-19531 | Med | 6.8 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | |
| CVE-2019-19530 | Med | 4.6 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | |
| CVE-2019-19529 | Med | 6.3 | < 4.12.14-8.22.1 | 4.12.14-8.22.1 | Dec 3, 2019 | In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41. |
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
- affected < 4.12.14-8.30.1fixed 4.12.14-8.30.1
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
- affected < 4.12.14-8.30.1fixed 4.12.14-8.30.1
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_pro.c driver, aka CID-ead16e53c2f0.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042.
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.
- affected < 4.12.14-8.27.1fixed 4.12.14-8.27.1
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
- affected < 4.12.14-8.22.1fixed 4.12.14-8.22.1
In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcba_usb.c driver, aka CID-4d6636498c41.
Page 6 of 13