rpm package
suse/kgraft-patch-SLE12_Update_31&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/kgraft-patch-SLE12_Update_31&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13215 | — | < 1-1.7.1 | 1-1.7.1 | Jan 12, 2018 | A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel. | ||
| CVE-2017-5715 | — | < 1-1.7.1 | 1-1.7.1 | Jan 4, 2018 | Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||
| CVE-2017-17806 | Hig | 7.8 | < 1-1.7.1 | 1-1.7.1 | Dec 20, 2017 | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith | |
| CVE-2017-17805 | Hig | 7.8 | < 1-1.7.1 | 1-1.7.1 | Dec 20, 2017 | The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and | |
| CVE-2017-17741 | Med | 6.5 | < 1-1.7.1 | 1-1.7.1 | Dec 18, 2017 | The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. | |
| CVE-2017-13166 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Dec 6, 2017 | An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. | |
| CVE-2017-0861 | Hig | 7.8 | < 4-2.1 | 4-2.1 | Nov 16, 2017 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. | |
| CVE-2017-15649 | Hig | 7.8 | < 2-2.1 | 2-2.1 | Oct 19, 2017 | net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, |
- CVE-2017-13215Jan 12, 2018affected < 1-1.7.1fixed 1-1.7.1
A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.
- CVE-2017-5715Jan 4, 2018affected < 1-1.7.1fixed 1-1.7.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
- affected < 1-1.7.1fixed 1-1.7.1
The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorith
- affected < 1-1.7.1fixed 1-1.7.1
The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and
- affected < 1-1.7.1fixed 1-1.7.1
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
- affected < 3-2.1fixed 3-2.1
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
- affected < 4-2.1fixed 4-2.1
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
- affected < 2-2.1fixed 2-2.1
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free,
Page 2 of 2