VYPR

rpm package

suse/kernel-xen&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (263)

  • CVE-2022-1353Apr 29, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.

  • CVE-2022-1048Apr 29, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalat

  • CVE-2022-28356Apr 2, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.

  • CVE-2021-45868Mar 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.

  • CVE-2022-1011Mar 18, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

  • CVE-2021-39713Mar 16, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel

  • CVE-2021-26341Mar 11, 2022
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

  • CVE-2021-0920KEVDec 15, 2021
    affected < 3.0.101-108.201.1fixed 3.0.101-108.201.1

    In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro

  • CVE-2021-43389Nov 4, 2021
    affected < 3.0.101-108.159.1fixed 3.0.101-108.159.1

    An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

  • CVE-2020-26555May 24, 2021
    affected < 3.0.101-108.150.1fixed 3.0.101-108.150.1

    Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.

  • CVE-2020-16119Jan 14, 2021
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0

  • CVE-2020-15393Jun 29, 2020
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.

  • CVE-2019-3900Apr 25, 2019
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could

  • CVE-2019-3837Apr 11, 2019
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabl

  • CVE-2018-9517Dec 7, 2018
    affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1

    In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3

  • CVE-2017-18344MedJul 26, 2018
    affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1

    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows

  • CVE-2018-3639MedMay 22, 2018
    affected < 3.0.101-108.144.1fixed 3.0.101-108.144.1

    Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka

  • CVE-2018-7755MedMar 8, 2018
    affected < 3.0.101-108.138.1fixed 3.0.101-108.138.1

    An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel

  • CVE-2017-5753MedJan 4, 2018
    affected < 3.0.101-108.141.1fixed 3.0.101-108.141.1

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2017-1000253HigKEVOct 5, 2017
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backpo

Page 13 of 14