rpm package
suse/oracleasm&distro=SUSE Real Time Module 15 SP2
pkg:rpm/suse/oracleasm&distro=SUSE%20Real%20Time%20Module%2015%20SP2
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3573 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Aug 13, 2021 | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blackl | ||
| CVE-2021-33624 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 23, 2021 | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db. | ||
| CVE-2021-0605 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 22, 2021 | In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi | ||
| CVE-2021-0512 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 21, 2021 | In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Prod | ||
| CVE-2021-34693 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 14, 2021 | net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. | ||
| CVE-2021-0129 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 9, 2021 | Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | ||
| CVE-2020-36386 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 7, 2021 | An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | ||
| CVE-2020-36385 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | Jun 7, 2021 | An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | ||
| CVE-2020-26558 | — | < 2.0.8-1.3.1 | 2.0.8-1.3.1 | May 24, 2021 | Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide |
- CVE-2021-3573Aug 13, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blackl
- CVE-2021-33624Jun 23, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
- CVE-2021-0605Jun 22, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi
- CVE-2021-0512Jun 21, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Prod
- CVE-2021-34693Jun 14, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
- CVE-2021-0129Jun 9, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
- CVE-2020-36386Jun 7, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
- CVE-2020-36385Jun 7, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
- CVE-2020-26558May 24, 2021affected < 2.0.8-1.3.1fixed 2.0.8-1.3.1
Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evide