kgraft-patch-SLE12-SP5_Update_2 (SUSE:Linux Enterprise Live Patching 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 12 SP5 package kgraft-patch-SLE12-SP5_Update_2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (48)
CVE-2019-16746 — CVSS 9.8 (critical): An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in…
CVE-2019-14896 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote…
CVE-2019-14897 — CVSS 9.8 (critical): A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to…
CVE-2019-14901 — CVSS 9.8 (critical): A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The…
CVE-2019-14895 — CVSS 9.8 (critical): A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver…
CVE-2020-12351 — CVSS 8.8 (high): Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2019-19543 — CVSS 7.8 (high): In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c.
CVE-2020-14381 — CVSS 7.8 (high): A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their…
CVE-2020-12653 — CVSS 7.8 (high): An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c…
CVE-2020-10757 — CVSS 7.8 (high): A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker…
CVE-2019-19447 — CVSS 7.8 (high): In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a…
CVE-2020-1749 — CVSS 7.5 (high): A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6…
CVE-2020-25645 — CVSS 7.5 (high): A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is…
CVE-2020-25705 — CVSS 7.4 (high): A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote…
CVE-2020-12654 — CVSS 7.1 (high): An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote…
CVE-2020-11668 — CVSS 7.1 (high): In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors…
CVE-2020-24394 — CVSS 7.1 (high): In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the…
CVE-2020-25212 — CVSS 7.0 (high): A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly…
CVE-2020-25668 — CVSS 7.0 (high): A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free…
CVE-2019-9458 — CVSS 7.0 (high): In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of…
CVE-2019-19532 — CVSS 6.8 (medium): In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux…
CVE-2019-19527 — CVSS 6.8 (medium): In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hidd…
CVE-2019-19531 — CVSS 6.8 (medium): In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c…
CVE-2020-14386 — CVSS 6.7 (medium): A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged…
CVE-2020-0431 — CVSS 6.7 (medium): In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of…
CVE-2020-15780 — CVSS 6.7 (medium): An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs…
CVE-2020-14331 — CVSS 6.6 (medium): A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize…
CVE-2019-5108 — CVSS 6.5 (medium): An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this…
CVE-2019-19529 — CVSS 6.3 (medium): In the Linux kernel before 5.3.11, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/can/usb/mcb…
CVE-2019-19332 — CVSS 6.1 (medium): An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor…
CVE-2019-19528 — CVSS 6.1 (medium): In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarri…
CVE-2019-19338 — CVSS 5.5 (medium): A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle…
CVE-2019-19077 — CVSS 5.5 (medium): A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows…
CVE-2019-19051 — CVSS 5.5 (medium): A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows…
CVE-2018-1000199 — CVSS 5.5 (medium): The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and…
CVE-2020-8694 — CVSS 5.5 (medium): Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable…
CVE-2019-19066 — CVSS 4.7 (medium): A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to…
CVE-2019-19535 — CVSS 4.6 (medium): In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb…
CVE-2019-15213 — CVSS 4.6 (medium): An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the…
CVE-2019-19525 — CVSS 4.6 (medium): In the Linux kernel before 5.3.6, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/net/ieee802154/a…
CVE-2019-19526 — CVSS 4.6 (medium): In the Linux kernel before 5.3.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/nfc/pn533/usb.c…
CVE-2019-19523 — CVSS 4.6 (medium): In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux…
CVE-2019-19536 — CVSS 4.6 (medium): In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb…
CVE-2019-19524 — CVSS 4.6 (medium): In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memles…
CVE-2019-19530 — CVSS 4.6 (medium): In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-a…
CVE-2019-19537 — CVSS 4.2 (medium): In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device…
CVE-2019-19533 — CVSS 2.4 (low): In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/…
CVE-2019-19534 — CVSS 2.4 (low): In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_us…