rpm package
suse/kgraft-patch-SLE12-SP4_Update_17&distro=SUSE Linux Enterprise Live Patching 12 SP4
pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4
Vulnerabilities (64)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-0404 | Med | 5.5 | < 1-6.5.1 | 1-6.5.1 | Sep 17, 2020 | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Produ | |
| CVE-2020-25285 | Med | 6.4 | < 1-6.5.1 | 1-6.5.1 | Sep 13, 2020 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | |
| CVE-2020-25284 | Med | 4.1 | < 1-6.5.1 | 1-6.5.1 | Sep 13, 2020 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | |
| CVE-2020-25212 | Hig | 7.0 | < 1-6.5.1 | 1-6.5.1 | Sep 9, 2020 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. |
- affected < 1-6.5.1fixed 1-6.5.1
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Produ
- affected < 1-6.5.1fixed 1-6.5.1
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.
- affected < 1-6.5.1fixed 1-6.5.1
The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.
- affected < 1-6.5.1fixed 1-6.5.1
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.
Page 4 of 4