kgraft-patch-SLE12_Update_19 (SUSE:Linux Enterprise Server 12-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12-LTSS package kgraft-patch-SLE12_Update_19, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (50)
CVE-2017-2583 — CVSS 8.4 (high): The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL…
CVE-2017-1000251 — CVSS 8.0 (high): The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are…
CVE-2017-15649 — CVSS 7.8 (high): net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger…
CVE-2017-15868 — CVSS 7.8 (high): The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is…
CVE-2017-16939 — CVSS 7.8 (high): The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or…
CVE-2017-7184 — CVSS 7.8 (high): The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an…
CVE-2014-9904 — CVSS 7.8 (high): The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not…
CVE-2016-5828 — CVSS 7.8 (high): The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional…
CVE-2016-5829 — CVSS 7.8 (high): Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3…
CVE-2017-7308 — CVSS 7.8 (high): The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size…
CVE-2016-7425 — CVSS 7.8 (high): The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain…
CVE-2016-7910 — CVSS 7.8 (high): Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain…
CVE-2016-7911 — CVSS 7.8 (high): Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or…
CVE-2016-7913 — CVSS 7.8 (high): The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges…
CVE-2016-9083 — CVSS 7.8 (high): drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of…
CVE-2016-9084 — CVSS 7.8 (high): drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a…
CVE-2016-4997 — CVSS 7.8 (high): The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before…
CVE-2016-9793 — CVSS 7.8 (high): The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf…
CVE-2016-9806 — CVSS 7.8 (high): Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a…
CVE-2017-5970 — CVSS 7.5 (high): The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service…
CVE-2017-7645 — CVSS 7.5 (high): The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service…
CVE-2017-1000364 — CVSS 7.4 (high): An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can…
CVE-2015-8962 — CVSS 7.3 (high): Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain…
CVE-2017-2584 — CVSS 7.1 (high): arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a…
CVE-2017-1000112 — CVSS 7.0 (high): Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data()…
CVE-2015-8963 — CVSS 7.0 (high): Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service…
CVE-2017-7533 — CVSS 7.0 (high): Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of…
CVE-2017-10661 — CVSS 7.0 (high): Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list…
CVE-2017-2636 — CVSS 7.0 (high): Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of…
CVE-2016-8399 — CVSS 7.0 (high): An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary…
CVE-2016-10088 — CVSS 7.0 (high): The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option…
CVE-2016-8633 — CVSS 6.8 (medium): drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute…
CVE-2016-7042 — CVSS 6.2 (medium): The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack…
CVE-2016-8658 — CVSS 6.1 (medium): Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the…
CVE-2015-8956 — CVSS 6.1 (medium): The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive…
CVE-2017-9242 — CVSS 5.5 (medium): The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of…
CVE-2015-8964 — CVSS 5.5 (medium): The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2016-6327 — CVSS 5.5 (medium): drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer…
CVE-2016-6828 — CVSS 5.5 (medium): The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after…
CVE-2016-7914 — CVSS 5.5 (medium): The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a…
CVE-2016-8645 — CVSS 5.5 (medium): The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system…
CVE-2016-9756 — CVSS 5.5 (medium): arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which…
CVE-2017-15274 — CVSS 5.5 (medium): security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length…
CVE-2017-13080 — CVSS 5.3 (medium): Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an…
CVE-2016-6480 — CVSS 5.1 (medium): Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to…
CVE-2016-5696 — CVSS 4.8 (medium): net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier…
CVE-2016-6130 — CVSS 4.7 (medium): Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to…
CVE-2017-5551 — CVSS 4.4 (medium): The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a…
CVE-2016-7097 — CVSS 4.4 (medium): The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users…