rpm package
suse/kgraft-patch-SLE12-SP2_Update_33&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_33&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15220 | — | < 1-3.5.1 | 1-3.5.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver. | ||
| CVE-2019-15221 | — | < 1-3.5.1 | 1-3.5.1 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver. | ||
| CVE-2018-20976 | — | < 1-3.5.1 | 1-3.5.1 | Aug 19, 2019 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | ||
| CVE-2016-10906 | — | < 1-3.5.1 | 1-3.5.1 | Aug 19, 2019 | An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean. | ||
| CVE-2019-15098 | — | < 1-3.5.1 | 1-3.5.1 | Aug 16, 2019 | drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | ||
| CVE-2019-9506 | — | < 1-3.5.1 | 1-3.5.1 | Aug 14, 2019 | The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje | ||
| CVE-2017-18509 | — | < 1-3.5.1 | 1-3.5.1 | Aug 13, 2019 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circu | ||
| CVE-2019-13272 | — | KEV | < 1-3.5.1 | 1-3.5.1 | Jul 17, 2019 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati |
- CVE-2019-15220Aug 19, 2019affected < 1-3.5.1fixed 1-3.5.1
An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers/net/wireless/intersil/p54/p54usb.c driver.
- CVE-2019-15221Aug 19, 2019affected < 1-3.5.1fixed 1-3.5.1
An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.
- CVE-2018-20976Aug 19, 2019affected < 1-3.5.1fixed 1-3.5.1
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.
- CVE-2016-10906Aug 19, 2019affected < 1-3.5.1fixed 1-3.5.1
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
- CVE-2019-15098Aug 16, 2019affected < 1-3.5.1fixed 1-3.5.1
drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
- CVE-2019-9506Aug 14, 2019affected < 1-3.5.1fixed 1-3.5.1
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inje
- CVE-2017-18509Aug 13, 2019affected < 1-3.5.1fixed 1-3.5.1
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circu
- affected < 1-3.5.1fixed 1-3.5.1
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati
Page 3 of 3