rpm package
suse/lttng-modules&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (39)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-8564 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Oct 27, 2020 | A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state. | ||
| CVE-2019-9503 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Jan 16, 2020 | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarde | ||
| CVE-2018-12130 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | May 30, 2019 | Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h | ||
| CVE-2018-12127 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | May 30, 2019 | Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: | ||
| CVE-2018-12126 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | May 30, 2019 | Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found | ||
| CVE-2019-11091 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | May 30, 2019 | Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products c | ||
| CVE-2019-3882 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Apr 24, 2019 | A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a syste | ||
| CVE-2019-11486 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Apr 23, 2019 | The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | ||
| CVE-2019-3460 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Apr 11, 2019 | A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. | ||
| CVE-2019-3459 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Apr 11, 2019 | A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | ||
| CVE-2018-19985 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Mar 17, 2019 | The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address | ||
| CVE-2019-7222 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Mar 17, 2019 | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | ||
| CVE-2019-7221 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Mar 17, 2019 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | ||
| CVE-2019-9213 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Mar 5, 2019 | In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. | ||
| CVE-2019-6974 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Feb 15, 2019 | In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. | ||
| CVE-2016-10741 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Feb 1, 2019 | In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | ||
| CVE-2018-16884 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Dec 18, 2018 | A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel m | ||
| CVE-2018-20169 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Dec 17, 2018 | An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | ||
| CVE-2018-9568 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Dec 6, 2018 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. A | ||
| CVE-2018-19824 | — | < 2.7.0-4.4.1 | 2.7.0-4.4.1 | Dec 3, 2018 | In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. |
- CVE-2019-8564Oct 27, 2020affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.
- CVE-2019-9503Jan 16, 2020affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarde
- CVE-2018-12130May 30, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found h
- CVE-2018-12127May 30, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:
- CVE-2018-12126May 30, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found
- CVE-2019-11091May 30, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products c
- CVE-2019-3882Apr 24, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a syste
- CVE-2019-11486Apr 23, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
- CVE-2019-3460Apr 11, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
- CVE-2019-3459Apr 11, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
- CVE-2018-19985Mar 17, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address
- CVE-2019-7222Mar 17, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
- CVE-2019-7221Mar 17, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
- CVE-2019-9213Mar 5, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
- CVE-2019-6974Feb 15, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
- CVE-2016-10741Feb 1, 2019affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
- CVE-2018-16884Dec 18, 2018affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel m
- CVE-2018-20169Dec 17, 2018affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
- CVE-2018-9568Dec 6, 2018affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. A
- CVE-2018-19824Dec 3, 2018affected < 2.7.0-4.4.1fixed 2.7.0-4.4.1
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
Page 1 of 2