rpm package
suse/kgraft-patch-SLE12_Update_36&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/kgraft-patch-SLE12_Update_36&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5848 | — | | | < 1-1.3.1 | 1-1.3.1 | Jun 12, 2018 | In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using t |
| CVE-2018-5803 | — | | | < 1-1.3.1 | 1-1.3.1 | Jun 12, 2018 | In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. |
| CVE-2018-1130 | — | | | < 1-1.3.1 | 1-1.3.1 | May 10, 2018 | Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. |
| CVE-2017-13305 | — | | | < 1-1.3.1 | 1-1.3.1 | Apr 4, 2018 | An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. |
| CVE-2018-1094 | — | | | < 1-1.3.1 | 1-1.3.1 | Apr 2, 2018 | The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 imag |
| CVE-2018-1093 | — | | | < 1-1.3.1 | 1-1.3.1 | Apr 2, 2018 | The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. |
| CVE-2018-1092 | — | | | < 1-1.3.1 | 1-1.3.1 | Apr 2, 2018 | The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 imag |
| CVE-2018-7492 | — | | | < 1-1.3.1 | 1-1.3.1 | Feb 26, 2018 | A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. |