VYPR

Linux Enterprise Debuginfo

by SUSE S.A.

CVEs (348)

  • CVE-2018-20449Apr 4, 2019
    risk 0.00cvss epss 0.00

    The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.

  • CVE-2019-8956Apr 1, 2019
    risk 0.00cvss epss 0.01

    In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.

  • CVE-2019-10125Mar 27, 2019
    risk 0.00cvss epss 0.05

    An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a…

  • CVE-2018-20669Mar 18, 2019
    risk 0.00cvss epss 0.01

    An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary…

  • CVE-2019-9857Mar 18, 2019
    risk 0.00cvss epss 0.00

    In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a…

  • CVE-2018-19985Mar 17, 2019
    risk 0.00cvss epss 0.01

    The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel…

  • CVE-2019-7222Mar 17, 2019
    risk 0.00cvss epss 0.01

    The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

  • CVE-2019-7221Mar 17, 2019
    risk 0.00cvss epss 0.01

    The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

  • CVE-2019-9003Feb 22, 2019
    risk 0.00cvss epss 0.05

    In the Linux kernel before 4.20.5, attackers can trigger a drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging for certain simultaneous execution of the code, as demonstrated by a "service ipmievd restart" loop.

  • CVE-2018-20784Feb 22, 2019
    risk 0.00cvss epss 0.04

    In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.

  • CVE-2019-8980Feb 21, 2019
    risk 0.00cvss epss 0.06

    A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.

  • CVE-2019-8912Feb 18, 2019
    risk 0.00cvss epss 0.01

    In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.

  • CVE-2019-6974Feb 15, 2019
    risk 0.00cvss epss 0.17

    In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

  • CVE-2019-7308Feb 1, 2019
    risk 0.00cvss epss 0.01

    kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.

  • CVE-2016-10741Feb 1, 2019
    risk 0.00cvss epss 0.00

    In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.

  • CVE-2017-18360Jan 31, 2019
    risk 0.00cvss epss 0.00

    In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.

  • CVE-2019-5489Jan 7, 2019
    risk 0.00cvss epss 0.01

    The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the…

  • CVE-2019-3701Jan 3, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame…

  • CVE-2018-20511Dec 27, 2018
    risk 0.00cvss epss 0.00

    An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers/net/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT…

  • CVE-2018-16884Dec 18, 2018
    risk 0.00cvss epss 0.01

    A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel…

Page 15 of 18