rpm package
suse/kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 11 SP4
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4
Vulnerabilities (252)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-9516 | — | < 3.0.101.rt130-69.39.1 | 3.0.101.rt130-69.39.1 | Nov 6, 2018 | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android | ||
| CVE-2018-18281 | — | < 3.0.101.rt130-69.39.1 | 3.0.101.rt130-69.39.1 | Oct 30, 2018 | Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a | ||
| CVE-2018-18710 | — | < 3.0.101.rt130-69.39.1 | 3.0.101.rt130-69.39.1 | Oct 27, 2018 | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV | ||
| CVE-2018-18386 | — | < 3.0.101.rt130-69.39.1 | 3.0.101.rt130-69.39.1 | Oct 17, 2018 | drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. | ||
| CVE-2018-14634 | — | KEV | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Sep 25, 2018 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are beli | |
| CVE-2018-14633 | — | < 3.0.101.rt130-69.39.1 | 3.0.101.rt130-69.39.1 | Sep 25, 2018 | A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes | ||
| CVE-2018-16658 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Sep 7, 2018 | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to | ||
| CVE-2018-6555 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Sep 4, 2018 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA | ||
| CVE-2018-6554 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Sep 4, 2018 | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | ||
| CVE-2018-16276 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Aug 31, 2018 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | ||
| CVE-2018-10902 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Aug 21, 2018 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a | ||
| CVE-2018-15594 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Aug 20, 2018 | arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. | ||
| CVE-2018-15572 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Aug 20, 2018 | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | ||
| CVE-2018-3646 | — | < 3.0.101.rt130-69.33.1 | 3.0.101.rt130-69.33.1 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | ||
| CVE-2018-3620 | — | < 3.0.101.rt130-69.33.1 | 3.0.101.rt130-69.33.1 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | ||
| CVE-2017-7482 | — | < 3.0.101.rt130-69.5.1 | 3.0.101.rt130-69.5.1 | Jul 30, 2018 | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory | ||
| CVE-2018-14734 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Jul 29, 2018 | drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | ||
| CVE-2018-14617 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Jul 27, 2018 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only | ||
| CVE-2018-13406 | — | < 3.0.101.rt130-69.33.1 | 3.0.101.rt130-69.33.1 | Jul 6, 2018 | An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | ||
| CVE-2018-12896 | — | < 3.0.101.rt130-69.36.1 | 3.0.101.rt130-69.36.1 | Jul 2, 2018 | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the a |
- CVE-2018-9516Nov 6, 2018affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android
- CVE-2018-18281Oct 30, 2018affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a
- CVE-2018-18710Oct 27, 2018affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV
- CVE-2018-18386Oct 17, 2018affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
- affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are beli
- CVE-2018-14633Sep 25, 2018affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes
- CVE-2018-16658Sep 7, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to
- CVE-2018-6555Sep 4, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA
- CVE-2018-6554Sep 4, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
- CVE-2018-16276Aug 31, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
- CVE-2018-10902Aug 21, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a
- CVE-2018-15594Aug 20, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
- CVE-2018-15572Aug 20, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
- CVE-2018-3646Aug 14, 2018affected < 3.0.101.rt130-69.33.1fixed 3.0.101.rt130-69.33.1
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- CVE-2018-3620Aug 14, 2018affected < 3.0.101.rt130-69.33.1fixed 3.0.101.rt130-69.33.1
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
- CVE-2017-7482Jul 30, 2018affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory
- CVE-2018-14734Jul 29, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
- CVE-2018-14617Jul 27, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only
- CVE-2018-13406Jul 6, 2018affected < 3.0.101.rt130-69.33.1fixed 3.0.101.rt130-69.33.1
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
- CVE-2018-12896Jul 2, 2018affected < 3.0.101.rt130-69.36.1fixed 3.0.101.rt130-69.36.1
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the a
Page 1 of 13