VYPR

rpm package

suse/kgraft-patch-SLE12-SP4_Update_14&distro=SUSE Linux Enterprise Live Patching 12 SP4

pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Vulnerabilities (56)

  • CVE-2020-13143May 18, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel 3.16 through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4.

  • CVE-2020-12768May 9, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will

  • CVE-2020-12769May 9, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8.

  • CVE-2020-10690May 8, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if

  • CVE-2020-12657May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.

  • CVE-2020-12656May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not al

  • CVE-2020-12655May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.

  • CVE-2020-12654May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.

  • CVE-2020-12653May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.

  • CVE-2020-12652May 5, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor stat

  • CVE-2020-12114May 4, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.

  • CVE-2020-12464Apr 29, 2020
    affected < 1-6.3.1fixed 1-6.3.1

    usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

  • CVE-2019-19462Nov 30, 2019
    affected < 1-6.3.1fixed 1-6.3.1

    relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows local users to cause a denial of service (such as relay blockage) by triggering a NULL alloc_percpu result.

  • CVE-2019-16746Sep 24, 2019
    affected < 2-2.2fixed 2-2.2

    An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.

  • CVE-2019-9455Sep 6, 2019
    affected < 1-6.3.1fixed 1-6.3.1

    In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2018-1000199MedMay 24, 2018
    affected < 1-6.3.1fixed 1-6.3.1

    The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears

Page 3 of 3