VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_28&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_28&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (47)

  • CVE-2020-36516MedFeb 26, 2022
    affected < 10-2.3fixed 10-2.3

    An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

  • CVE-2021-4083HigJan 18, 2022
    affected < 1-8.3.2fixed 1-8.3.2

    A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalat

  • CVE-2021-44733HigDec 22, 2021
    affected < 1-8.3.2fixed 1-8.3.2

    A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

  • CVE-2021-39657MedDec 15, 2021
    affected < 1-8.3.2fixed 1-8.3.2

    In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:

  • CVE-2021-39648MedDec 15, 2021
    affected < 1-8.3.2fixed 1-8.3.2

    In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio

  • CVE-2020-28097MedJun 24, 2021
    affected < 1-8.3.2fixed 1-8.3.2

    The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

  • CVE-2021-3564MedJun 8, 2021
    affected < 1-8.3.2fixed 1-8.3.2

    A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.

Page 3 of 3

VYPR — Vulnerability Intelligence