kernel-rt (SUSE:Linux Enterprise Real Time 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Real Time 12 SP2 package kernel-rt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (93)
CVE-2017-18017 — CVSS 9.8 (critical): The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote…
CVE-2016-7117 — CVSS 9.8 (critical): Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to…
CVE-2017-5897 — CVSS 9.8 (critical): The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving…
CVE-2017-12134 — CVSS 8.8 (high): The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data…
CVE-2017-2583 — CVSS 8.4 (high): The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL…
CVE-2017-1000251 — CVSS 8.0 (high): The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are…
CVE-2017-7308 — CVSS 7.8 (high): The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size…
CVE-2016-4997 — CVSS 7.8 (high): The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before…
CVE-2017-1000111 — CVSS 7.8 (high): Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a…
CVE-2017-1000365 — CVSS 7.8 (high): The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of…
CVE-2017-11473 — CVSS 7.8 (high): Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users…
CVE-2017-15115 — CVSS 7.8 (high): The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a…
CVE-2017-15649 — CVSS 7.8 (high): net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger…
CVE-2017-16939 — CVSS 7.8 (high): The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or…
CVE-2017-17448 — CVSS 7.8 (high): net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del…
CVE-2017-17450 — CVSS 7.8 (high): net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and…
CVE-2017-17805 — CVSS 7.8 (high): The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker…
CVE-2017-17806 — CVSS 7.8 (high): The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash…
CVE-2017-5576 — CVSS 7.8 (high): Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7…
CVE-2017-6074 — CVSS 7.8 (high): The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data…
CVE-2017-6345 — CVSS 7.8 (high): The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which…
CVE-2017-6347 — CVSS 7.8 (high): The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data…
CVE-2017-7184 — CVSS 7.8 (high): The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an…
CVE-2017-7187 — CVSS 7.8 (high): The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based…
CVE-2017-7294 — CVSS 7.8 (high): The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate…
CVE-2017-7374 — CVSS 7.8 (high): Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer…
CVE-2017-7482 — CVSS 7.8 (high): In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This…
CVE-2017-7487 — CVSS 7.8 (high): The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to…
CVE-2017-7541 — CVSS 7.8 (high): The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows…
CVE-2017-8824 — CVSS 7.8 (high): The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial…
CVE-2017-8890 — CVSS 7.8 (high): The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial…
CVE-2017-9074 — CVSS 7.8 (high): The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an…
CVE-2017-9075 — CVSS 7.8 (high): The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local…
CVE-2017-9076 — CVSS 7.8 (high): The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local…
CVE-2017-9077 — CVSS 7.8 (high): The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local…
CVE-2018-5332 — CVSS 7.8 (high): In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation…
CVE-2017-7618 — CVSS 7.5 (high): crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback…
CVE-2017-10810 — CVSS 7.5 (high): Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows…
CVE-2017-1000410 — CVSS 7.5 (high): The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands -…
CVE-2017-6214 — CVSS 7.5 (high): The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service…
CVE-2017-5970 — CVSS 7.5 (high): The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service…
CVE-2016-2117 — CVSS 7.5 (high): The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather…
CVE-2017-1000364 — CVSS 7.4 (high): An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can…
CVE-2017-2584 — CVSS 7.1 (high): arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a…
CVE-2017-11472 — CVSS 7.1 (high): The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and…
CVE-2017-12154 — CVSS 7.1 (high): The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and…
CVE-2016-10200 — CVSS 7.0 (high): Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a…
CVE-2017-17712 — CVSS 7.0 (high): The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to…
CVE-2017-1000112 — CVSS 7.0 (high): Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data()…
CVE-2017-2636 — CVSS 7.0 (high): Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of…
CVE-2017-7533 — CVSS 7.0 (high): Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of…
CVE-2017-6346 — CVSS 7.0 (high): Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free)…
CVE-2017-1000405 — CVSS 7.0 (high): The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP…
CVE-2017-11600 — CVSS 7.0 (high): net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of…
CVE-2017-15265 — CVSS 7.0 (high): Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or…
CVE-2017-16646 — CVSS 6.6 (medium): drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and…
CVE-2017-16645 — CVSS 6.6 (medium): The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a…
CVE-2017-16528 — CVSS 6.6 (medium): sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free…
CVE-2017-16537 — CVSS 6.6 (medium): The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service…
CVE-2017-16536 — CVSS 6.6 (medium): The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause…
CVE-2017-2596 — CVSS 6.5 (medium): The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction…
CVE-2017-8831 — CVSS 6.4 (medium): The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a…
CVE-2018-1000004 — CVSS 5.9 (medium): In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead…
CVE-2017-5715 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of…
CVE-2017-5754 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of…
CVE-2017-5753 — CVSS 5.6 (medium): Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an…
CVE-2017-17862 — CVSS 5.5 (medium): kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT…
CVE-2017-7616 — CVSS 5.5 (medium): Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local…
CVE-2017-1000380 — CVSS 5.5 (medium): sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local…
CVE-2017-7542 — CVSS 5.5 (medium): The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of…
CVE-2017-9150 — CVSS 5.5 (medium): The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for…
CVE-2018-5333 — CVSS 5.5 (medium): In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid…
CVE-2017-9242 — CVSS 5.5 (medium): The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of…
CVE-2017-16994 — CVSS 5.5 (medium): The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local…
CVE-2017-5986 — CVSS 5.5 (medium): Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a…
CVE-2016-9191 — CVSS 5.5 (medium): The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause…
CVE-2017-2671 — CVSS 5.5 (medium): The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently…
CVE-2017-7518 — CVSS 5.5 (medium): A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during…
CVE-2017-5577 — CVSS 5.5 (medium): The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an…
CVE-2017-6353 — CVSS 5.5 (medium): net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states…
CVE-2017-1000252 — CVSS 5.5 (medium): The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor…
CVE-2017-7346 — CVSS 5.5 (medium): The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate…
CVE-2017-12193 — CVSS 5.5 (medium): The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which…
CVE-2017-14106 — CVSS 5.5 (medium): The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service…
CVE-2017-14489 — CVSS 5.5 (medium): The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of…
CVE-2017-7261 — CVSS 5.5 (medium): The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a…
CVE-2017-13080 — CVSS 5.3 (medium): Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an…
CVE-2017-17449 — CVSS 4.7 (medium): The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does…
CVE-2017-15129 — CVSS 4.7 (medium): A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function…
CVE-2017-12153 — CVSS 4.4 (medium): A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This…
CVE-2017-14051 — CVSS 4.4 (medium): An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10…
CVE-2017-5551 — CVSS 4.4 (medium): The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a…
CVE-2017-17864 — CVSS 3.3 (low): kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the…