rpm package
suse/lttng-modules&distro=SUSE Linux Enterprise Module for Development Tools 15
pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-9363 | — | < 2.10.0-5.6.1 | 2.10.0-5.6.1 | Nov 6, 2018 | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 Refer | ||
| CVE-2018-10853 | — | < 2.10.0-5.6.1 | 2.10.0-5.6.1 | Sep 11, 2018 | A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potential | ||
| CVE-2018-5391 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Sep 6, 2018 | The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in I | ||
| CVE-2018-10902 | — | < 2.10.0-5.6.1 | 2.10.0-5.6.1 | Aug 21, 2018 | It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a | ||
| CVE-2018-15572 | — | < 2.10.0-5.6.1 | 2.10.0-5.6.1 | Aug 20, 2018 | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | ||
| CVE-2018-3646 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | ||
| CVE-2018-3620 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | ||
| CVE-2018-10883 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 30, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | ||
| CVE-2018-10882 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 27, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. | ||
| CVE-2018-10881 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. | ||
| CVE-2018-10879 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | ||
| CVE-2018-10878 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 26, 2018 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | ||
| CVE-2018-10876 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 26, 2018 | A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. | ||
| CVE-2018-10880 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 25, 2018 | Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. | ||
| CVE-2018-10877 | — | < 2.10.0-5.4.2 | 2.10.0-5.4.2 | Jul 18, 2018 | Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. |
- CVE-2018-9363Nov 6, 2018affected < 2.10.0-5.6.1fixed 2.10.0-5.6.1
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 Refer
- CVE-2018-10853Sep 11, 2018affected < 2.10.0-5.6.1fixed 2.10.0-5.6.1
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potential
- CVE-2018-5391Sep 6, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in I
- CVE-2018-10902Aug 21, 2018affected < 2.10.0-5.6.1fixed 2.10.0-5.6.1
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local a
- CVE-2018-15572Aug 20, 2018affected < 2.10.0-5.6.1fixed 2.10.0-5.6.1
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
- CVE-2018-3646Aug 14, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- CVE-2018-3620Aug 14, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
- CVE-2018-10883Jul 30, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- CVE-2018-10882Jul 27, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
- CVE-2018-10881Jul 26, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
- CVE-2018-10879Jul 26, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
- CVE-2018-10878Jul 26, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
- CVE-2018-10876Jul 26, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
- CVE-2018-10880Jul 25, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.
- CVE-2018-10877Jul 18, 2018affected < 2.10.0-5.4.2fixed 2.10.0-5.4.2
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.