rpm package
suse/ocfs2&distro=SUSE Linux Enterprise High Availability Extension 11 SP4
pkg:rpm/suse/ocfs2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2011%20SP4
Vulnerabilities (67)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15291 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 20, 2019 | An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver. | ||
| CVE-2019-15212 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | ||
| CVE-2019-15216 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver. | ||
| CVE-2019-15217 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver. | ||
| CVE-2019-15219 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver. | ||
| CVE-2018-20976 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. | ||
| CVE-2017-18551 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 19, 2019 | An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated. | ||
| CVE-2019-15118 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 16, 2019 | check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion. | ||
| CVE-2017-18509 | — | < 1.6-0.28.11.2 | 1.6-0.28.11.2 | Aug 13, 2019 | An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circu | ||
| CVE-2018-19985 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Mar 17, 2019 | The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address | ||
| CVE-2019-7222 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Mar 17, 2019 | The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | ||
| CVE-2016-10741 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Feb 1, 2019 | In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure. | ||
| CVE-2017-18360 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Jan 31, 2019 | In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. | ||
| CVE-2018-20169 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Dec 17, 2018 | An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c. | ||
| CVE-2018-9568 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Dec 6, 2018 | In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. A | ||
| CVE-2018-19824 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Dec 3, 2018 | In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | ||
| CVE-2018-19407 | — | < 1.6-0.28.7.1 | 1.6-0.28.7.1 | Nov 21, 2018 | The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. | ||
| CVE-2017-7482 | Hig | 7.8 | < 1.6-0.28.3.4 | 1.6-0.28.3.4 | Jul 30, 2018 | In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory | |
| CVE-2017-18079 | Hig | 7.8 | < 1.6-0.28.5.6 | 1.6-0.28.5.6 | Jan 29, 2018 | drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. | |
| CVE-2015-1142857 | Hig | 8.6 | < 1.6-0.28.5.6 | 1.6-0.28.5.6 | Jan 23, 2018 | On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4 |
- CVE-2019-15291Aug 20, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.
- CVE-2019-15212Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.
- CVE-2019-15216Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.
- CVE-2019-15217Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.
- CVE-2019-15219Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.
- CVE-2018-20976Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.
- CVE-2017-18551Aug 19, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
- CVE-2019-15118Aug 16, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
- CVE-2017-18509Aug 13, 2019affected < 1.6-0.28.11.2fixed 1.6-0.28.11.2
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circu
- CVE-2018-19985Mar 17, 2019affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address
- CVE-2019-7222Mar 17, 2019affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
- CVE-2016-10741Feb 1, 2019affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.
- CVE-2017-18360Jan 31, 2019affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
- CVE-2018-20169Dec 17, 2018affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
- CVE-2018-9568Dec 6, 2018affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. A
- CVE-2018-19824Dec 3, 2018affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
- CVE-2018-19407Nov 21, 2018affected < 1.6-0.28.7.1fixed 1.6-0.28.7.1
The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
- affected < 1.6-0.28.3.4fixed 1.6-0.28.3.4
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory
- affected < 1.6-0.28.5.6fixed 1.6-0.28.5.6
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
- affected < 1.6-0.28.5.6fixed 1.6-0.28.5.6
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4
Page 2 of 4