rpm package
suse/lttng-modules&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2
pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
Vulnerabilities (39)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14617 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 27, 2018 | An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only | ||
| CVE-2017-18344 | — | < 2.7.1-9.4.1 | 2.7.1-9.4.1 | Jul 26, 2018 | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows | ||
| CVE-2018-10881 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | ||
| CVE-2018-10879 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | ||
| CVE-2018-10878 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | ||
| CVE-2018-10876 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 26, 2018 | A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. | ||
| CVE-2018-10880 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 25, 2018 | Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. | ||
| CVE-2018-10877 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 18, 2018 | Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. | ||
| CVE-2018-13406 | — | < 2.7.1-9.4.1 | 2.7.1-9.4.1 | Jul 6, 2018 | An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | ||
| CVE-2018-13405 | — | < 2.7.1-9.4.1 | 2.7.1-9.4.1 | Jul 6, 2018 | The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no | ||
| CVE-2018-13095 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 3, 2018 | An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. | ||
| CVE-2018-13094 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 3, 2018 | An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. | ||
| CVE-2018-13093 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 3, 2018 | An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that | ||
| CVE-2018-12896 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Jul 2, 2018 | An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the a | ||
| CVE-2018-13053 | — | < 2.7.1-9.4.1 | 2.7.1-9.4.1 | Jul 2, 2018 | The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | ||
| CVE-2018-5814 | — | < 2.7.1-9.4.1 | 2.7.1-9.4.1 | Jun 12, 2018 | In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP pa | ||
| CVE-2018-10940 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | May 9, 2018 | The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. | ||
| CVE-2018-7757 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Mar 8, 2018 | Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by | ||
| CVE-2018-7480 | — | < 2.7.1-9.6.1 | 2.7.1-9.6.1 | Feb 25, 2018 | The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. |
- CVE-2018-14617Jul 27, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only
- CVE-2017-18344Jul 26, 2018affected < 2.7.1-9.4.1fixed 2.7.1-9.4.1
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows
- CVE-2018-10881Jul 26, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- CVE-2018-10879Jul 26, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
- CVE-2018-10878Jul 26, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
- CVE-2018-10876Jul 26, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
- CVE-2018-10880Jul 25, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
- CVE-2018-10877Jul 18, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
- CVE-2018-13406Jul 6, 2018affected < 2.7.1-9.4.1fixed 2.7.1-9.4.1
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
- CVE-2018-13405Jul 6, 2018affected < 2.7.1-9.4.1fixed 2.7.1-9.4.1
The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the no
- CVE-2018-13095Jul 3, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.
- CVE-2018-13094Jul 3, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
- CVE-2018-13093Jul 3, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that
- CVE-2018-12896Jul 2, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the a
- CVE-2018-13053Jul 2, 2018affected < 2.7.1-9.4.1fixed 2.7.1-9.4.1
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
- CVE-2018-5814Jun 12, 2018affected < 2.7.1-9.4.1fixed 2.7.1-9.4.1
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP pa
- CVE-2018-10940May 9, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
- CVE-2018-7757Mar 8, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by
- CVE-2018-7480Feb 25, 2018affected < 2.7.1-9.6.1fixed 2.7.1-9.6.1
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.
Page 2 of 2