kgraft-patch-SLE12-SP2_Update_25 (SUSE:Linux Enterprise Server for SAP Applications 12 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP2 package kgraft-patch-SLE12-SP2_Update_25, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (39)
CVE-2019-3846 — CVSS 8.8 (high): A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting…
CVE-2018-9363 — CVSS 8.4 (high): In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional…
CVE-2019-6974 — CVSS 8.1 (high): In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race…
CVE-2018-16884 — CVSS 8.0 (high): A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make…
CVE-2019-11487 — CVSS 7.8 (high): The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of…
CVE-2018-10902 — CVSS 7.8 (high): It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in…
CVE-2018-14678 — CVSS 7.8 (high): An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in…
CVE-2018-10878 — CVSS 7.8 (high): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or…
CVE-2019-14835 — CVSS 7.8 (high): A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue…
CVE-2018-7480 — CVSS 7.8 (high): The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double…
CVE-2018-6555 — CVSS 7.8 (high): The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows…
CVE-2018-17182 — CVSS 7.8 (high): An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number…
CVE-2018-16276 — CVSS 7.8 (high): An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access…
CVE-2019-11477 — CVSS 7.5 (high): Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when…
CVE-2018-5390 — CVSS 7.5 (high): Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every…
CVE-2018-10877 — CVSS 7.3 (high): Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4…
CVE-2018-14633 — CVSS 7.0 (high): A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication…
CVE-2018-10853 — CVSS 7.0 (high): A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not…
CVE-2018-15572 — CVSS 6.5 (medium): The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a…
CVE-2018-16658 — CVSS 6.1 (medium): An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could…
CVE-2018-10938 — CVSS 5.9 (medium): A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker…
CVE-2018-13095 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and…
CVE-2018-13094 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image…
CVE-2018-13093 — CVSS 5.5 (medium): An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in…
CVE-2018-6554 — CVSS 5.5 (medium): Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17…
CVE-2018-12896 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is…
CVE-2018-10940 — CVSS 5.5 (medium): The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect…
CVE-2018-7757 — CVSS 5.5 (medium): Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local…
CVE-2019-9213 — CVSS 5.5 (medium): In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for…
CVE-2018-14617 — CVSS 5.5 (medium): An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in…
CVE-2018-10880 — CVSS 5.5 (medium): Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in…
CVE-2018-15594 — CVSS 5.5 (medium): arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to…
CVE-2019-11478 — CVSS 5.3 (medium): Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when…
CVE-2018-10876 — CVSS 5.0 (medium): A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when…
CVE-2018-10882 — CVSS 4.8 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a…
CVE-2018-10883 — CVSS 4.8 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a…
CVE-2018-10881 — CVSS 4.2 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a…
CVE-2018-10879 — CVSS 4.2 (medium): A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a…