Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Evergreen
(Opensuse)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-10 | CVE-2014-8369 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. | Debian_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Suse_linux_enterprise_server | 7.8 | ||
| 2014-12-17 | CVE-2014-9322 | arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | Ubuntu_linux, Android, Linux_kernel, Evergreen, Enterprise_linux_eus, Suse_linux_enterprise_server | 7.8 | ||
| 2015-01-09 | CVE-2014-9585 | The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. | Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Evergreen, Opensuse, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | N/A | ||
| 2015-07-14 | CVE-2015-5122 | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property,... | Flash_player, Flash_player_desktop_runtime, Evergreen, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | N/A | ||
| 2014-04-27 | CVE-2014-0181 | The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. | Linux_kernel, Evergreen, Enterprise_linux_desktop, Enterprise_linux_server, Linux_enterprise_real_time_extension, Linux_enterprise_server, Suse_linux_enterprise_server | N/A | ||
| 2014-03-24 | CVE-2014-0131 | Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. | Linux_kernel, Evergreen, Linux_enterprise_server | N/A | ||
| 2014-09-01 | CVE-2014-3601 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. | Ubuntu_linux, Linux_kernel, Evergreen, Linux_enterprise_real_time_extension, Linux_enterprise_server, Suse_linux_enterprise_server | N/A | ||
| 2014-11-10 | CVE-2014-3610 | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Suse_linux_enterprise_server | 5.5 | ||
| 2014-11-10 | CVE-2014-3647 | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Suse_linux_enterprise_server | 5.5 | ||
| 2014-11-10 | CVE-2014-3646 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Enterprise_linux, Suse_linux_enterprise_server | 5.5 |