rpm package
suse/kernel-xen&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (168)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9584 | — | < 3.12.38-44.1 | 3.12.38-44.1 | Jan 9, 2015 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 | ||
| CVE-2014-9419 | — | < 3.12.38-44.1 | 3.12.38-44.1 | Dec 26, 2014 | The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via | ||
| CVE-2014-7841 | — | < 3.12.38-44.1 | 3.12.38-44.1 | Nov 30, 2014 | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. | ||
| CVE-2014-8559 | Med | 5.5 | < 3.12.38-44.1 | 3.12.38-44.1 | Nov 10, 2014 | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | |
| CVE-2014-3687 | Hig | 7.5 | < 3.12.38-44.1 | 3.12.38-44.1 | Nov 10, 2014 | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpr | |
| CVE-2014-3673 | Hig | 7.5 | < 3.12.38-44.1 | 3.12.38-44.1 | Nov 10, 2014 | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | |
| CVE-2014-3647 | Med | 5.5 | < 3.12.43-52.6.1 | 3.12.43-52.6.1 | Nov 10, 2014 | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |
| CVE-2014-8086 | Med | 4.7 | < 3.12.43-52.6.1 | 3.12.43-52.6.1 | Oct 13, 2014 | Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. |
- CVE-2014-9584Jan 9, 2015affected < 3.12.38-44.1fixed 3.12.38-44.1
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660
- CVE-2014-9419Dec 26, 2014affected < 3.12.38-44.1fixed 3.12.38-44.1
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via
- CVE-2014-7841Nov 30, 2014affected < 3.12.38-44.1fixed 3.12.38-44.1
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
- affected < 3.12.38-44.1fixed 3.12.38-44.1
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
- affected < 3.12.38-44.1fixed 3.12.38-44.1
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpr
- affected < 3.12.38-44.1fixed 3.12.38-44.1
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
- affected < 3.12.43-52.6.1fixed 3.12.43-52.6.1
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
- affected < 3.12.43-52.6.1fixed 3.12.43-52.6.1
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
Page 9 of 9