rpm package
suse/kgraft-patch-SLE12-SP1_Update_25&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_25&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13215 | — | < 1-2.9.1 | 1-2.9.1 | Jan 12, 2018 | A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | ||
| CVE-2017-5715 | — | < 1-2.9.1 | 1-2.9.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-17806 | Hig | 7.8 | < 1-2.9.1 | 1-2.9.1 | Dec 20, 2017 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith | |
| CVE-2017-17805 | Hig | 7.8 | < 1-2.9.1 | 1-2.9.1 | Dec 20, 2017 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and | |
| CVE-2017-17741 | Med | 6.5 | < 1-2.9.1 | 1-2.9.1 | Dec 18, 2017 | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | |
| CVE-2017-13166 | Hig | 7.8 | < 2-2.1 | 2-2.1 | Dec 6, 2017 | An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. | |
| CVE-2017-0861 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Nov 16, 2017 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. |
- CVE-2017-13215Jan 12, 2018affected < 1-2.9.1fixed 1-2.9.1
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
- CVE-2017-5715Jan 4, 2018affected < 1-2.9.1fixed 1-2.9.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 1-2.9.1fixed 1-2.9.1
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith
- affected < 1-2.9.1fixed 1-2.9.1
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and
- affected < 1-2.9.1fixed 1-2.9.1
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
- affected < 2-2.1fixed 2-2.1
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
- affected < 3-2.1fixed 3-2.1
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Page 2 of 2