kgraft-patch-SLE12_Update_4 (SUSE:Linux Enterprise Live Patching 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 12 package kgraft-patch-SLE12_Update_4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (23)
CVE-2015-8812 — CVSS 9.8 (critical): drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote…
CVE-2015-3331 — CVSS 9.3 (critical): The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine…
CVE-2015-8539 — CVSS 7.8 (high): The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted…
CVE-2016-0728 — CVSS 7.8 (high): The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a…
CVE-2015-5364 — CVSS 7.8 (high): The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which…
CVE-2015-1805 — CVSS 7.2 (high): The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects…
CVE-2015-8709 — CVSS 7.0 (high): kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by…
CVE-2015-2925 — CVSS 6.9 (medium): The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount…
CVE-2015-7613 — CVSS 6.9 (medium): Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an…
CVE-2014-8159 — CVSS 6.9 (medium): The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not…
CVE-2016-0774 — CVSS 6.8 (medium): The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before…
CVE-2015-3339 — CVSS 6.2 (medium): Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by…
CVE-2015-7990 — CVSS 5.8 (medium): Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of…
CVE-2013-7446 — CVSS 5.3 (medium): Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket…
CVE-2015-5366 — CVSS 5.0 (medium): The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which…
CVE-2015-3636 — CVSS 4.9 (medium): The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an…
CVE-2015-2150 — CVSS 4.9 (medium): Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow…
CVE-2015-6937 — CVSS 4.9 (medium): The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service…
CVE-2015-4700 — CVSS 4.9 (medium): The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of…
CVE-2016-2384 — CVSS 4.6 (medium): Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate…
CVE-2015-5707 — CVSS 4.6 (medium): Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to…
CVE-2015-0777 — CVSS 2.1 (low): drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the…
CVE-2015-7872 — CVSS 2.1 (low): The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service…