rpm package
suse/kgraft-patch-SLE12-SP2_Update_20&distro=SUSE Linux Enterprise Live Patching 12
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_20&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1068 | — | | | < 1-3.3.1 | 1-3.3.1 | Mar 16, 2018 | A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. |
| CVE-2018-8087 | — | | | < 1-3.3.1 | 1-3.3.1 | Mar 13, 2018 | Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. |
| CVE-2017-18208 | — | | | < 1-3.3.1 | 1-3.3.1 | Mar 1, 2018 | The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. |
| CVE-2018-1000026 | — | | | < 1-3.3.1 | 1-3.3.1 | Feb 9, 2018 | Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An atta |
| CVE-2017-16913 | — | | | < 1-3.3.1 | 1-3.3.1 | Jan 31, 2018 | The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP pack |
| CVE-2017-16912 | — | | | < 1-3.3.1 | 1-3.3.1 | Jan 31, 2018 | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. |
| CVE-2017-17975 | Med | 5.5 | | < 1-3.3.1 | 1-3.3.1 | Dec 30, 2017 | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfr |
| CVE-2017-13166 | Hig | 7.8 | | < 1-3.3.1 | 1-3.3.1 | Dec 6, 2017 | An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. |
| CVE-2017-16644 | Med | 6.6 | | < 1-3.3.1 | 1-3.3.1 | Nov 7, 2017 | The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. |
| CVE-2017-15951 | Hig | 7.8 | | < 1-3.3.1 | 1-3.3.1 | Oct 28, 2017 | The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via |