rpm package
suse/kgraft-patch-SLE12-SP3_Update_42&distro=SUSE Linux Enterprise Server 12 SP3-LTSS
pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_42&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS
Vulnerabilities (32)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-45095 | — | < 1-4.3.1 | 1-4.3.1 | Dec 16, 2021 | pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | ||
| CVE-2021-39657 | — | < 1-4.3.1 | 1-4.3.1 | Dec 15, 2021 | In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: | ||
| CVE-2021-39648 | — | < 1-4.3.1 | 1-4.3.1 | Dec 15, 2021 | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio | ||
| CVE-2021-0920 | — | KEV | < 2-2.1 | 2-2.1 | Dec 15, 2021 | In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro | |
| CVE-2018-25020 | — | < 1-4.3.1 | 1-4.3.1 | Dec 8, 2021 | The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter | ||
| CVE-2021-33098 | — | < 1-4.3.1 | 1-4.3.1 | Nov 17, 2021 | Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2021-43976 | — | < 1-4.3.1 | 1-4.3.1 | Nov 17, 2021 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | ||
| CVE-2021-0935 | — | < 1-4.3.1 | 1-4.3.1 | Oct 25, 2021 | In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid | ||
| CVE-2021-3564 | — | < 1-4.3.1 | 1-4.3.1 | Jun 8, 2021 | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3. | ||
| CVE-2020-35519 | — | < 1-4.3.1 | 1-4.3.1 | May 6, 2021 | An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak | ||
| CVE-2021-28688 | — | < 2-2.1 | 2-2.1 | Apr 6, 2021 | The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup wo | ||
| CVE-2019-0136 | — | < 1-4.3.1 | 1-4.3.1 | Jun 13, 2019 | Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
- CVE-2021-45095Dec 16, 2021affected < 1-4.3.1fixed 1-4.3.1
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.
- CVE-2021-39657Dec 15, 2021affected < 1-4.3.1fixed 1-4.3.1
In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:
- CVE-2021-39648Dec 15, 2021affected < 1-4.3.1fixed 1-4.3.1
In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio
- affected < 2-2.1fixed 2-2.1
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndro
- CVE-2018-25020Dec 8, 2021affected < 1-4.3.1fixed 1-4.3.1
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter
- CVE-2021-33098Nov 17, 2021affected < 1-4.3.1fixed 1-4.3.1
Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2021-43976Nov 17, 2021affected < 1-4.3.1fixed 1-4.3.1
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
- CVE-2021-0935Oct 25, 2021affected < 1-4.3.1fixed 1-4.3.1
In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid
- CVE-2021-3564Jun 8, 2021affected < 1-4.3.1fixed 1-4.3.1
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.
- CVE-2020-35519May 6, 2021affected < 1-4.3.1fixed 1-4.3.1
An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak
- CVE-2021-28688Apr 6, 2021affected < 2-2.1fixed 2-2.1
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup wo
- CVE-2019-0136Jun 13, 2019affected < 1-4.3.1fixed 1-4.3.1
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
Page 2 of 2