rpm package
suse/kgraft-patch-SLE12-SP4_Update_1&distro=SUSE Linux Enterprise Live Patching 12 SP4
pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10220 | Hig | 8.8 | < 7-2.1 | 7-2.1 | Nov 27, 2019 | Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists. | |
| CVE-2019-17133 | Cri | 9.8 | < 7-2.1 | 7-2.1 | Oct 4, 2019 | In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. | |
| CVE-2019-14835 | Hig | 7.8 | < 6-2.1 | 6-2.1 | Sep 17, 2019 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the | |
| CVE-2019-15917 | Hig | 7.0 | < 8-2.5 | 8-2.5 | Sep 4, 2019 | An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c. | |
| CVE-2018-16871 | Hig | 7.5 | < 8-2.5 | 8-2.5 | Jul 30, 2019 | A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine an | |
| CVE-2018-20856 | Hig | 7.8 | < 8-2.5 | 8-2.5 | Jul 26, 2019 | An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. | |
| CVE-2019-13272 | Hig | 7.8 | KEV | < 8-2.5 | 8-2.5 | Jul 17, 2019 | In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati |
| CVE-2019-11478 | Med | 5.3 | < 4-2.1 | 4-2.1 | Jun 19, 2019 | Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fi | |
| CVE-2019-11477 | Hig | 7.5 | < 4-2.1 | 4-2.1 | Jun 19, 2019 | Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel | |
| CVE-2019-3846 | Hig | 8.8 | < 4-2.1 | 4-2.1 | Jun 3, 2019 | A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | |
| CVE-2019-11085 | Hig | 7.8 | < 4-2.1 | 4-2.1 | May 17, 2019 | Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2019-11487 | Hig | 7.8 | < 4-2.1 | 4-2.1 | Apr 23, 2019 | The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm | |
| CVE-2019-7221 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Mar 21, 2019 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | |
| CVE-2019-9213 | Med | 5.5 | < 3-2.1 | 3-2.1 | Mar 5, 2019 | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. | |
| CVE-2019-8912 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Feb 18, 2019 | In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | |
| CVE-2019-6974 | Hig | 8.1 | < 3-2.1 | 3-2.1 | Feb 15, 2019 | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | |
| CVE-2018-16884 | Hig | 8.0 | < 2-2.1 | 2-2.1 | Dec 18, 2018 | A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel m | |
| CVE-2018-19824 | Hig | 7.8 | < 1-7.1 | 1-7.1 | Dec 3, 2018 | In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | |
| CVE-2018-18281 | Hig | 7.8 | < 1-7.1 | 1-7.1 | Oct 30, 2018 | Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a | |
| CVE-2018-18710 | Med | 5.5 | < 1-7.1 | 1-7.1 | Oct 29, 2018 | An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV |
- affected < 7-2.1fixed 7-2.1
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
- affected < 7-2.1fixed 7-2.1
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
- affected < 6-2.1fixed 6-2.1
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the
- affected < 8-2.5fixed 8-2.5
An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.
- affected < 8-2.5fixed 8-2.5
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine an
- affected < 8-2.5fixed 8-2.5
An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.
- affected < 8-2.5fixed 8-2.5
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relati
- affected < 4-2.1fixed 4-2.1
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fi
- affected < 4-2.1fixed 4-2.1
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel
- affected < 4-2.1fixed 4-2.1
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
- affected < 4-2.1fixed 4-2.1
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
- affected < 4-2.1fixed 4-2.1
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm
- affected < 3-2.1fixed 3-2.1
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
- affected < 3-2.1fixed 3-2.1
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
- affected < 3-2.1fixed 3-2.1
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
- affected < 3-2.1fixed 3-2.1
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
- affected < 2-2.1fixed 2-2.1
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel m
- affected < 1-7.1fixed 1-7.1
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
- affected < 1-7.1fixed 1-7.1
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a
- affected < 1-7.1fixed 1-7.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV
Page 1 of 2