rpm package
suse/kgraft-patch-SLE12-SP2_Update_32&distro=SUSE Linux Enterprise Server 12 SP2-LTSS
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_32&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS
Vulnerabilities (37)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14816 | — | < 9-2.2 | 9-2.2 | Sep 20, 2019 | There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | ||
| CVE-2019-14835 | — | < 2-2.1 | 2-2.1 | Sep 17, 2019 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the | ||
| CVE-2019-9458 | — | < 9-2.2 | 9-2.2 | Sep 6, 2019 | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2019-1125 | — | < 1-3.3.1 | 1-3.3.1 | Sep 3, 2019 | An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would ha | ||
| CVE-2019-15666 | — | < 8-2.1 | 8-2.1 | Aug 27, 2019 | An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. | ||
| CVE-2017-18551 | — | < 1-3.3.1 | 1-3.3.1 | Aug 19, 2019 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | ||
| CVE-2019-15117 | — | < 1-3.3.1 | 1-3.3.1 | Aug 16, 2019 | parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | ||
| CVE-2019-15118 | — | < 1-3.3.1 | 1-3.3.1 | Aug 16, 2019 | check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||
| CVE-2019-14284 | — | < 1-3.3.1 | 1-3.3.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex | ||
| CVE-2019-14283 | — | < 1-3.3.1 | 1-3.3.1 | Jul 26, 2019 | In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c | ||
| CVE-2018-20856 | — | < 1-3.3.1 | 1-3.3.1 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | ||
| CVE-2018-20855 | — | < 1-3.3.1 | 1-3.3.1 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. | ||
| CVE-2019-13631 | — | < 1-3.3.1 | 1-3.3.1 | Jul 17, 2019 | In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages. | ||
| CVE-2019-13272 | — | KEV | < 4-2.1 | 4-2.1 | Jul 17, 2019 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati | |
| CVE-2019-11810 | — | < 1-3.3.1 | 1-3.3.1 | May 7, 2019 | An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | ||
| CVE-2019-3819 | — | < 1-3.3.1 | 1-3.3.1 | Jan 25, 2019 | A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers | ||
| CVE-2018-5390 | — | < 2-2.1 | 2-2.1 | Aug 6, 2018 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. |
- CVE-2019-14816Sep 20, 2019affected < 9-2.2fixed 9-2.2
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.
- CVE-2019-14835Sep 17, 2019affected < 2-2.1fixed 2-2.1
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the
- CVE-2019-9458Sep 6, 2019affected < 9-2.2fixed 9-2.2
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2019-1125Sep 3, 2019affected < 1-3.3.1fixed 1-3.3.1
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would ha
- CVE-2019-15666Aug 27, 2019affected < 8-2.1fixed 8-2.1
An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.
- CVE-2017-18551Aug 19, 2019affected < 1-3.3.1fixed 1-3.3.1
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
- CVE-2019-15117Aug 16, 2019affected < 1-3.3.1fixed 1-3.3.1
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
- CVE-2019-15118Aug 16, 2019affected < 1-3.3.1fixed 1-3.3.1
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
- CVE-2019-14284Jul 26, 2019affected < 1-3.3.1fixed 1-3.3.1
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex
- CVE-2019-14283Jul 26, 2019affected < 1-3.3.1fixed 1-3.3.1
In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c
- CVE-2018-20856Jul 26, 2019affected < 1-3.3.1fixed 1-3.3.1
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
- CVE-2018-20855Jul 26, 2019affected < 1-3.3.1fixed 1-3.3.1
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
- CVE-2019-13631Jul 17, 2019affected < 1-3.3.1fixed 1-3.3.1
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
- affected < 4-2.1fixed 4-2.1
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati
- CVE-2019-11810May 7, 2019affected < 1-3.3.1fixed 1-3.3.1
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.
- CVE-2019-3819Jan 25, 2019affected < 1-3.3.1fixed 1-3.3.1
A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers
- CVE-2018-5390Aug 6, 2018affected < 2-2.1fixed 2-2.1
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Page 2 of 2