rpm package
suse/kernel-xen&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (221)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11479 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Jun 18, 2019 | Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixe | ||
| CVE-2019-11478 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Jun 18, 2019 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fi | ||
| CVE-2019-11477 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Jun 18, 2019 | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel | ||
| CVE-2019-3846 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Jun 3, 2019 | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | ||
| CVE-2019-11833 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | May 15, 2019 | fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. | ||
| CVE-2019-11884 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | May 10, 2019 | The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. | ||
| CVE-2019-11190 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Apr 11, 2019 | The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. | ||
| CVE-2019-5489 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Jan 7, 2019 | The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincor | ||
| CVE-2018-17972 | — | < 3.12.61-52.154.1 | 3.12.61-52.154.1 | Oct 3, 2018 | An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack | ||
| CVE-2018-14634 | — | KEV | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 25, 2018 | An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are beli | |
| CVE-2018-17182 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 19, 2018 | An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and de | ||
| CVE-2018-10853 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 11, 2018 | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potential | ||
| CVE-2018-16658 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 7, 2018 | An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to | ||
| CVE-2018-6555 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 4, 2018 | The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA | ||
| CVE-2018-6554 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Sep 4, 2018 | Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | ||
| CVE-2018-16276 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Aug 31, 2018 | An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. | ||
| CVE-2018-10902 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Aug 21, 2018 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a | ||
| CVE-2018-3646 | — | < 3.12.61-52.141.1 | 3.12.61-52.141.1 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | ||
| CVE-2018-3620 | — | < 3.12.61-52.141.1 | 3.12.61-52.141.1 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | ||
| CVE-2018-10883 | — | < 3.12.61-52.146.1 | 3.12.61-52.146.1 | Jul 30, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. |
- CVE-2019-11479Jun 18, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixe
- CVE-2019-11478Jun 18, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fi
- CVE-2019-11477Jun 18, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel
- CVE-2019-3846Jun 3, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
- CVE-2019-11833May 15, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.
- CVE-2019-11884May 10, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character.
- CVE-2019-11190Apr 11, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
- CVE-2019-5489Jan 7, 2019affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincor
- CVE-2018-17972Oct 3, 2018affected < 3.12.61-52.154.1fixed 3.12.61-52.154.1
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack
- affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are beli
- CVE-2018-17182Sep 19, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and de
- CVE-2018-10853Sep 11, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potential
- CVE-2018-16658Sep 7, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to
- CVE-2018-6555Sep 4, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA
- CVE-2018-6554Sep 4, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
- CVE-2018-16276Aug 31, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
- CVE-2018-10902Aug 21, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a
- CVE-2018-3646Aug 14, 2018affected < 3.12.61-52.141.1fixed 3.12.61-52.141.1
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- CVE-2018-3620Aug 14, 2018affected < 3.12.61-52.141.1fixed 3.12.61-52.141.1
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
- CVE-2018-10883Jul 30, 2018affected < 3.12.61-52.146.1fixed 3.12.61-52.146.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Page 1 of 12