VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_23&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_23&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (52)

  • CVE-2021-3653Sep 29, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue co

  • CVE-2021-38198Aug 8, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault.

  • CVE-2021-38204Aug 8, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations.

  • CVE-2021-38160Aug 7, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any ex

  • CVE-2021-3679Aug 5, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causin

  • CVE-2021-34556Aug 2, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.

  • CVE-2021-35477Aug 2, 2021
    affected < 1-8.5.1fixed 1-8.5.1

    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an atta

  • CVE-2020-3702Sep 8, 2020
    affected < 4-2.2fixed 4-2.2

    u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapd

  • CVE-2020-12770May 9, 2020
    affected < 1-8.5.1fixed 1-8.5.1

    An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.

  • CVE-2019-3900Apr 25, 2019
    affected < 1-8.5.1fixed 1-8.5.1

    An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could

  • CVE-2019-3874Mar 25, 2019
    affected < 1-8.5.1fixed 1-8.5.1

    The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

  • CVE-2018-9517Dec 7, 2018
    affected < 1-8.5.1fixed 1-8.5.1

    In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-3

Page 3 of 3