rpm package

suse/lttng-modules&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (12)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-9516	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Nov 6, 2018	In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android
CVE-2018-18281	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Oct 30, 2018	Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a
CVE-2018-18710	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Oct 27, 2018	An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV
CVE-2018-18690	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Oct 26, 2018	In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/li
CVE-2018-18386	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Oct 17, 2018	drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVE-2018-14633	—	< 2.7.1-8.6.1	2.7.1-8.6.1	Sep 25, 2018	A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes
CVE-2018-3646	—	< 2.7.1-8.4.2	2.7.1-8.4.2	Aug 14, 2018	Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
CVE-2018-3620	—	< 2.7.1-8.4.2	2.7.1-8.4.2	Aug 14, 2018	Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
CVE-2018-5390	—	< 2.7.1-8.4.2	2.7.1-8.4.2	Aug 6, 2018	Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-14734	—	< 2.7.1-8.4.2	2.7.1-8.4.2	Jul 29, 2018	drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
CVE-2017-18344	—	< 2.7.1-8.4.2	2.7.1-8.4.2	Jul 26, 2018	The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows
CVE-2017-5715	—	< 2.7.1-8.2.1	2.7.1-8.2.1	Jan 4, 2018	Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2018-9516Nov 6, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android
CVE-2018-18281Oct 30, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits a
CVE-2018-18710Oct 27, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CV
CVE-2018-18690Oct 26, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/li
CVE-2018-18386Oct 17, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVE-2018-14633Sep 25, 2018
affected < 2.7.1-8.6.1fixed 2.7.1-8.6.1
A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes
CVE-2018-3646Aug 14, 2018
affected < 2.7.1-8.4.2fixed 2.7.1-8.4.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
CVE-2018-3620Aug 14, 2018
affected < 2.7.1-8.4.2fixed 2.7.1-8.4.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
CVE-2018-5390Aug 6, 2018
affected < 2.7.1-8.4.2fixed 2.7.1-8.4.2
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
CVE-2018-14734Jul 29, 2018
affected < 2.7.1-8.4.2fixed 2.7.1-8.4.2
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
CVE-2017-18344Jul 26, 2018
affected < 2.7.1-8.4.2fixed 2.7.1-8.4.2
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows
CVE-2017-5715Jan 4, 2018
affected < 2.7.1-8.2.1fixed 2.7.1-8.2.1
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.