VYPR

rpm package

suse/kgraft-patch-SLE12-SP4_Update_21&distro=SUSE Linux Enterprise Live Patching 12 SP4

pkg:rpm/suse/kgraft-patch-SLE12-SP4_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP4

Vulnerabilities (47)

  • CVE-2020-26141MedMay 11, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 network

  • CVE-2020-26139MedMay 11, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against c

  • CVE-2020-24587May 11, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends f

  • CVE-2020-24586May 11, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented

  • CVE-2021-32399May 10, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

  • CVE-2021-23133Apr 22, 2021
    affected < 1-6.3.1fixed 1-6.3.1

    A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is re

  • CVE-2020-3702Sep 8, 2020
    affected < 9-2.2fixed 9-2.2

    u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd

Page 3 of 3