kgraft-patch-SLE12-SP3_Update_37 (SUSE:OpenStack Cloud 8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 8 package kgraft-patch-SLE12-SP3_Update_37, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-29569 — CVSS 8.8 (high): An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the…
CVE-2020-36158 — CVSS 8.8 (high): mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote…
CVE-2018-10902 — CVSS 7.8 (high): It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in…
CVE-2020-0444 — CVSS 7.8 (high): In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to…
CVE-2020-0466 — CVSS 7.8 (high): In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local…
CVE-2020-25669 — CVSS 7.8 (high): A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd…
CVE-2020-27786 — CVSS 7.8 (high): A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl…
CVE-2020-29661 — CVSS 7.8 (high): A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free…
CVE-2021-3347 — CVSS 7.8 (high): An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing…
CVE-2020-11668 — CVSS 7.1 (high): In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors…
CVE-2020-0465 — CVSS 6.8 (medium): In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local…
CVE-2020-15436 — CVSS 6.7 (medium): Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of…
CVE-2020-27777 — CVSS 6.7 (medium): A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure…
CVE-2020-29568 — CVSS 6.5 (medium): An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single…
CVE-2020-25285 — CVSS 6.4 (medium): A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to…
CVE-2020-25211 — CVSS 6.0 (medium): In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing…
CVE-2020-28915 — CVSS 5.8 (medium): A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read…
CVE-2020-27825 — CVSS 5.7 (medium): A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and…
CVE-2019-20934 — CVSS 5.3 (medium): An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in…
CVE-2020-28974 — CVSS 5.0 (medium): A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or…
CVE-2020-4788 — CVSS 4.7 (medium): IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache…
CVE-2020-29660 — CVSS 4.4 (medium): A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and…
CVE-2020-15437 — CVSS 4.4 (medium): The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_p…
CVE-2020-27835 — CVSS 4.4 (medium): A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open…