VYPR

rpm package

suse/kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 12 SP4

pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP4

Vulnerabilities (187)

  • CVE-2020-10768Sep 15, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks

  • CVE-2020-10767Sep 15, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. T

  • CVE-2020-10766Sep 15, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This iss

  • CVE-2020-10773Sep 10, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.

  • CVE-2020-10720Sep 3, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.

  • CVE-2019-19338Jul 13, 2020
    affected < 4.12.14-8.12.1fixed 4.12.14-8.12.1

    A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw

  • CVE-2020-10769Jun 26, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a

  • CVE-2020-14416Jun 18, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.

  • CVE-2020-0543Jun 15, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2020-10732Jun 12, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.

  • CVE-2020-10757Jun 9, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.

  • CVE-2020-13974Jun 9, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in

  • CVE-2019-20812Jun 3, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.

  • CVE-2019-20810Jun 2, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.

  • CVE-2019-20806May 27, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75.

  • CVE-2020-10751May 26, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest

  • CVE-2020-10711May 22, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routi

  • CVE-2020-13143May 18, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

  • CVE-2020-12888May 15, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

  • CVE-2020-12769May 9, 2020
    affected < 4.12.14-8.23.1fixed 4.12.14-8.23.1

    An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

Page 1 of 10