rpm package
suse/kgraft-patch-SLE12-SP3_Update_7&distro=SUSE Linux Enterprise Live Patching 12 SP3
pkg:rpm/suse/kgraft-patch-SLE12-SP3_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP3
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000004 | — | < 4-2.1 | 4-2.1 | Jan 16, 2018 | In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. | ||
| CVE-2017-5754 | — | < 1-4.5.1 | 1-4.5.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | ||
| CVE-2017-5753 | — | < 1-4.5.1 | 1-4.5.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-5715 | — | < 1-4.5.1 | 1-4.5.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-17806 | Hig | 7.8 | < 1-4.5.1 | 1-4.5.1 | Dec 20, 2017 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith | |
| CVE-2017-17805 | Hig | 7.8 | < 1-4.5.1 | 1-4.5.1 | Dec 20, 2017 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and | |
| CVE-2017-17712 | Hig | 7.0 | < 2-2.1 | 2-2.1 | Dec 16, 2017 | The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges. | |
| CVE-2017-13166 | Hig | 7.8 | < 4-2.1 | 4-2.1 | Dec 6, 2017 | An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. | |
| CVE-2017-0861 | Hig | 7.8 | < 5-2.2 | 5-2.2 | Nov 16, 2017 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. |
- CVE-2018-1000004Jan 16, 2018affected < 4-2.1fixed 4-2.1
In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
- CVE-2017-5754Jan 4, 2018affected < 1-4.5.1fixed 1-4.5.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
- CVE-2017-5753Jan 4, 2018affected < 1-4.5.1fixed 1-4.5.1
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- CVE-2017-5715Jan 4, 2018affected < 1-4.5.1fixed 1-4.5.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 1-4.5.1fixed 1-4.5.1
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith
- affected < 1-4.5.1fixed 1-4.5.1
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and
- affected < 2-2.1fixed 2-2.1
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
- affected < 4-2.1fixed 4-2.1
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
- affected < 5-2.2fixed 5-2.2
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Page 2 of 2