VYPR

rpm package

suse/kgraft-patch-SLE12-SP1_Update_26&distro=SUSE OpenStack Cloud 6

pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_26&distro=SUSE%20OpenStack%20Cloud%206

Vulnerabilities (19)

  • CVE-2018-7566 Mar 30, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

  • CVE-2018-1068 Mar 16, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

  • CVE-2017-18221 Mar 7, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.

  • CVE-2018-1066 Mar 2, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP se

  • CVE-2017-18208 Mar 1, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.

  • CVE-2017-18204 Feb 27, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.

  • CVE-2018-6927 Feb 12, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

  • CVE-2017-16914 Jan 31, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.

  • CVE-2017-16913 Jan 31, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack

  • CVE-2017-16912 Jan 31, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.

  • CVE-2017-16911 Jan 31, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.

  • CVE-2018-5333 Jan 11, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

  • CVE-2018-5332 Jan 11, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

  • CVE-2017-18017 Jan 3, 2018
    affected < 1-2.3.1, fixed 1-2.3.1

    The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presenc

  • CVE-2017-13166 Hig Dec 6, 2017
    affected < 1-2.3.1, fixed 1-2.3.1

    An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

  • CVE-2017-12190 Med Nov 22, 2017
    affected < 1-2.3.1, fixed 1-2.3.1

    The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference

  • CVE-2017-16644 Med Nov 7, 2017
    affected < 1-2.3.1, fixed 1-2.3.1

    The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.

  • CVE-2017-15299 Med Oct 14, 2017
    affected < 1-2.3.1, fixed 1-2.3.1

    The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a c

  • CVE-2016-7915 Med Nov 16, 2016
    affected < 1-2.3.1, fixed 1-2.3.1

    The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech D