Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Evergreen
(Opensuse)Repositories | https://github.com/torvalds/linux |
#Vulnerabilities | 43 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-11-10 | CVE-2014-3647 | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Suse_linux_enterprise_server | 5.5 | ||
2014-11-10 | CVE-2014-3646 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Enterprise_linux, Suse_linux_enterprise_server | 5.5 | ||
2014-11-10 | CVE-2014-3673 | The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Linux, Enterprise_linux, Enterprise_mrg, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.5 | ||
2014-11-10 | CVE-2014-3687 | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | Ubuntu_linux, Debian_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Linux, Enterprise_mrg, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.5 | ||
2014-11-10 | CVE-2014-3690 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. | Ubuntu_linux, Debian_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Enterprise_linux, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | 5.5 | ||
2014-11-10 | CVE-2014-7826 | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | Linux_kernel, Evergreen, Suse_linux_enterprise_server | 7.8 | ||
2014-12-12 | CVE-2014-8134 | The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | Ubuntu_linux, Linux_kernel, Evergreen, Opensuse, Linux, Suse_linux_enterprise_server | 3.3 | ||
2015-01-09 | CVE-2014-9584 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Opensuse, Linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | N/A | ||
2014-10-15 | CVE-2014-0564 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. | Air_desktop_runtime, Air_sdk, Flash_player, Flash_player_desktop_runtime, Evergreen, Opensuse, Linux_enterprise_desktop | N/A | ||
2014-10-15 | CVE-2014-0569 | Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | Air_desktop_runtime, Air_sdk, Flash_player, Flash_player_desktop_runtime, Evergreen, Opensuse, Linux_enterprise_desktop | N/A |