rpm package
suse/kgraft-patch-SLE12_Update_3&distro=SUSE Linux Enterprise Live Patching 12
pkg:rpm/suse/kgraft-patch-SLE12_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-9419 | — | < 1-2.2 | 1-2.2 | Dec 26, 2014 | The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via | ||
| CVE-2014-7841 | — | < 1-2.2 | 1-2.2 | Nov 30, 2014 | The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. | ||
| CVE-2014-8559 | Med | 5.5 | < 1-2.2 | 1-2.2 | Nov 10, 2014 | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | |
| CVE-2014-3687 | Hig | 7.5 | < 1-2.2 | 1-2.2 | Nov 10, 2014 | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpr | |
| CVE-2014-3673 | Hig | 7.5 | < 1-2.2 | 1-2.2 | Nov 10, 2014 | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. |
- CVE-2014-9419Dec 26, 2014affected < 1-2.2fixed 1-2.2
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via
- CVE-2014-7841Nov 30, 2014affected < 1-2.2fixed 1-2.2
The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
- affected < 1-2.2fixed 1-2.2
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
- affected < 1-2.2fixed 1-2.2
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpr
- affected < 1-2.2fixed 1-2.2
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.
Page 2 of 2