VYPR

rpm package

suse/kgraft-patch-SLE12-SP2_Update_13&distro=SUSE Linux Enterprise Server 12 SP2-LTSS

pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_13&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS

Vulnerabilities (18)

  • CVE-2018-10853Sep 11, 2018
    affected < 11-2.1fixed 11-2.1

    A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potential

  • CVE-2018-10938Aug 27, 2018
    affected < 12-2.1fixed 12-2.1

    A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A cer

  • CVE-2018-10902Aug 21, 2018
    affected < 12-2.1fixed 12-2.1

    It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a

  • CVE-2018-3646Aug 14, 2018
    affected < 11-2.1fixed 11-2.1

    Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis

  • CVE-2018-5390Aug 6, 2018
    affected < 12-2.1fixed 12-2.1

    Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

  • CVE-2017-18344Jul 26, 2018
    affected < 11-2.1fixed 11-2.1

    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows

  • CVE-2018-3665Jun 21, 2018
    affected < 10-2.1fixed 10-2.1

    System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

  • CVE-2018-1000199May 24, 2018
    affected < 8-2.1fixed 8-2.1

    The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears

  • CVE-2018-1087May 15, 2018
    affected < 9-2.1fixed 9-2.1

    kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During

  • CVE-2018-8897May 8, 2018
    affected < 9-2.1fixed 9-2.1

    A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP

  • CVE-2018-8781Apr 23, 2018
    affected < 9-2.1fixed 9-2.1

    The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages,

  • CVE-2018-7566Mar 30, 2018
    affected < 7-2.2fixed 7-2.2

    The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.

  • CVE-2018-1068Mar 16, 2018
    affected < 7-2.2fixed 7-2.2

    A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

  • CVE-2018-1000026Feb 9, 2018
    affected < 12-2.1fixed 12-2.1

    Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An atta

  • CVE-2018-1000004Jan 16, 2018
    affected < 7-2.2fixed 7-2.2

    In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

  • CVE-2017-13166HigDec 6, 2017
    affected < 7-2.2fixed 7-2.2

    An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

  • CVE-2017-0861HigNov 16, 2017
    affected < 8-2.1fixed 8-2.1

    Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.

  • CVE-2017-11600HigJul 24, 2017
    affected < 11-2.1fixed 11-2.1

    net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspe