rpm package
suse/kernel-xen&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (177)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12652 | — | < 3.0.101-108.114.1 | 3.0.101-108.114.1 | May 5, 2020 | The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor stat | ||
| CVE-2020-11668 | — | < 3.0.101-108.120.1 | 3.0.101-108.120.1 | Apr 9, 2020 | In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. | ||
| CVE-2020-11608 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Apr 7, 2020 | An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d. | ||
| CVE-2020-10942 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Mar 24, 2020 | In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls. | ||
| CVE-2020-9383 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Feb 25, 2020 | An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. | ||
| CVE-2020-8647 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | ||
| CVE-2020-8648 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. | ||
| CVE-2020-8649 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Feb 6, 2020 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | ||
| CVE-2019-20096 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 30, 2019 | In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | ||
| CVE-2019-19965 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 25, 2019 | In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. | ||
| CVE-2019-19966 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 25, 2019 | In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655. | ||
| CVE-2019-5108 | — | < 3.0.101-108.117.1 | 3.0.101-108.117.1 | Dec 23, 2019 | An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to d | ||
| CVE-2019-19768 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 12, 2019 | In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | ||
| CVE-2019-19523 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79. | ||
| CVE-2019-19524 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9. | ||
| CVE-2019-19527 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e. | ||
| CVE-2019-19530 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef. | ||
| CVE-2019-19531 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca. | ||
| CVE-2019-19532 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga | ||
| CVE-2019-19537 | — | < 3.0.101-108.111.1 | 3.0.101-108.111.1 | Dec 3, 2019 | In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c. |
- CVE-2020-12652May 5, 2020affected < 3.0.101-108.114.1fixed 3.0.101-108.114.1
The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor stat
- CVE-2020-11668Apr 9, 2020affected < 3.0.101-108.120.1fixed 3.0.101-108.120.1
In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.
- CVE-2020-11608Apr 7, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints, aka CID-998912346c0d.
- CVE-2020-10942Mar 24, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.
- CVE-2020-9383Feb 25, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.
- CVE-2020-8647Feb 6, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.
- CVE-2020-8648Feb 6, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.
- CVE-2020-8649Feb 6, 2020affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.
- CVE-2019-20096Dec 30, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b.
- CVE-2019-19965Dec 25, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5.
- CVE-2019-19966Dec 25, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.1.6, there is a use-after-free in cpia2_exit() in drivers/media/usb/cpia2/cpia2_v4l.c that will cause denial of service, aka CID-dea37a972655.
- CVE-2019-5108Dec 23, 2019affected < 3.0.101-108.117.1fixed 3.0.101-108.117.1
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to d
- CVE-2019-19768Dec 12, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).
- CVE-2019-19523Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.
- CVE-2019-19524Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.
- CVE-2019-19527Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.
- CVE-2019-19530Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.
- CVE-2019-19531Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.
- CVE-2019-19532Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-ga
- CVE-2019-19537Dec 3, 2019affected < 3.0.101-108.111.1fixed 3.0.101-108.111.1
In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.
Page 5 of 9