rpm package

suse/kernel-vanilla&distro=SUSE Linux Enterprise High Performance Computing 15-ESPOS

pkg:rpm/suse/kernel-vanilla&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Vulnerabilities (387)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-20096	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 30, 2019	In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20054	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 28, 2019	In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19965	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 25, 2019	In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19966	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 25, 2019	In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19770	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 12, 2019	In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
CVE-2019-19768	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 12, 2019	In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19447	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Dec 8, 2019	In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19462	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 30, 2019	relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19377	—	< 4.12.14-150000.150.92.2	4.12.14-150000.150.92.2	Nov 29, 2019	In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
CVE-2019-14897	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 29, 2019	A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
CVE-2019-19318	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 27, 2019	In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19319	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 27, 2019	In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
CVE-2019-14896	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 27, 2019	A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
CVE-2019-19036	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 21, 2019	btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19054	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 18, 2019	A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
CVE-2019-19045	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Nov 18, 2019	A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.
CVE-2019-16994	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Sep 30, 2019	In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
CVE-2019-16746	—	< 4.12.14-150.55.1	4.12.14-150.55.1	Sep 24, 2019	An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2019-9455	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Sep 6, 2019	In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9458	—	< 4.12.14-150.52.1	4.12.14-150.52.1	Sep 6, 2019	In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2019-20096Dec 30, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
CVE-2019-20054Dec 28, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.
CVE-2019-19965Dec 25, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
CVE-2019-19966Dec 25, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
CVE-2019-19770Dec 12, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux
CVE-2019-19768Dec 12, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
CVE-2019-19447Dec 8, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.
CVE-2019-19462Nov 30, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.
CVE-2019-19377Nov 29, 2019
affected < 4.12.14-150000.150.92.2fixed 4.12.14-150000.150.92.2
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.
CVE-2019-14897Nov 29, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together
CVE-2019-19318Nov 27, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can cause an rwsem_down_write_slowpath use-after-free because (in rwsem_can_spin_on_owner in kernel/locking/rwsem.c) rwsem_owner_flags returns an already freed pointer,
CVE-2019-19319Nov 27, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30
CVE-2019-14896Nov 27, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called a
CVE-2019-19036Nov 21, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
btrfs_root_node in fs/btrfs/ctree.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because rcu_dereference(root->node) can be zero.
CVE-2019-19054Nov 18, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
CVE-2019-19045Nov 18, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.
CVE-2019-16994Sep 30, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
CVE-2019-16746Sep 24, 2019
affected < 4.12.14-150.55.1fixed 4.12.14-150.55.1
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2019-9455Sep 6, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-9458Sep 6, 2019
affected < 4.12.14-150.52.1fixed 4.12.14-150.52.1
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Page 19 of 20