VYPR

rpm package

suse/kgraft-patch-SLE12-SP3_Update_28&distro=SUSE Linux Enterprise Server 12 SP3-LTSS

pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_28&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Vulnerabilities (38)

  • CVE-2019-14816Sep 20, 2019
    affected < 9-2.2fixed 9-2.2

    There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.

  • CVE-2019-14835Sep 17, 2019
    affected < 2-2.1fixed 2-2.1

    A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the

  • CVE-2019-9458Sep 6, 2019
    affected < 9-2.2fixed 9-2.2

    In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2019-1125Sep 3, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries. To exploit this vulnerability, an attacker would ha

  • CVE-2019-15666Aug 27, 2019
    affected < 8-2.1fixed 8-2.1

    An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation.

  • CVE-2019-15239Aug 20, 2019
    affected < 4-2.1fixed 4-2.1

    In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by

  • CVE-2019-15117Aug 16, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.

  • CVE-2019-15118Aug 16, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.

  • CVE-2017-18379Jul 27, 2019
    affected < 2-2.1fixed 2-2.1

    In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.

  • CVE-2019-14284Jul 26, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Nex

  • CVE-2019-14283Jul 26, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU c

  • CVE-2018-20856Jul 26, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.

  • CVE-2018-20855Jul 26, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.

  • CVE-2019-13648Jul 19, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/power

  • CVE-2019-13631Jul 17, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.

  • CVE-2019-13272KEVJul 17, 2019
    affected < 4-2.1fixed 4-2.1

    In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati

  • CVE-2019-11810May 7, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.

  • CVE-2019-3819Jan 25, 2019
    affected < 1-4.3.1fixed 1-4.3.1

    A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Vers

Page 2 of 2