rpm package

suse/kgraft-patch-SLE12-SP3_Update_30&distro=SUSE Linux Enterprise Server 12 SP3-LTSS

pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_30&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Vulnerabilities (47)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-18805	—	< 1-4.5.1	1-4.5.1	Nov 7, 2019	An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of servi
CVE-2019-18683	—	< 1-4.5.1	1-4.5.1	Nov 4, 2019	An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race condit
CVE-2019-18680	—	< 1-4.5.1	1-4.5.1	Nov 4, 2019	An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
CVE-2019-16746	—	< 6-2.2	6-2.2	Sep 24, 2019	An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2019-16231	—	< 1-4.5.1	1-4.5.1	Sep 11, 2019	drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-9458	—	< 6-2.2	6-2.2	Sep 6, 2019	In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-15213	—	< 1-4.5.1	1-4.5.1	Aug 19, 2019	An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

CVE-2019-18805Nov 7, 2019
affected < 1-4.5.1fixed 1-4.5.1
An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of servi
CVE-2019-18683Nov 4, 2019
affected < 1-4.5.1fixed 1-4.5.1
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race condit
CVE-2019-18680Nov 4, 2019
affected < 1-4.5.1fixed 1-4.5.1
An issue was discovered in the Linux kernel 4.4.x before 4.4.195. There is a NULL pointer dereference in rds_tcp_kill_sock() in net/rds/tcp.c that will cause denial of service, aka CID-91573ae4aed0.
CVE-2019-16746Sep 24, 2019
affected < 6-2.2fixed 6-2.2
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2019-16231Sep 11, 2019
affected < 1-4.5.1fixed 1-4.5.1
drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
CVE-2019-9458Sep 6, 2019
affected < 6-2.2fixed 6-2.2
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-15213Aug 19, 2019
affected < 1-4.5.1fixed 1-4.5.1
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.

Page 3 of 3