rpm package
suse/kernel-bigmem&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/kernel-bigmem&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (189)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5243 | Med | 5.5 | | < 3.0.101-100.1 | 3.0.101-100.1 | Jun 27, 2016 | The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. |
| CVE-2015-1350 | Med | 5.5 | | < 3.0.101-94.1 | 3.0.101-94.1 | May 2, 2016 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system |
| CVE-2016-0823 | Med | 4.0 | | < 3.0.101-88.1 | 3.0.101-88.1 | Mar 12, 2016 | The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
| CVE-2015-7513 | Med | 6.5 | | < 3.0.101-88.1 | 3.0.101-88.1 | Feb 8, 2016 | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioc |
| CVE-2013-4312 | Med | 6.2 | | < 3.0.101-88.1 | 3.0.101-88.1 | Feb 8, 2016 | The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. |
| CVE-2015-5156 | — | | | < 3.0.101-108.38.1 | 3.0.101-108.38.1 | Oct 19, 2015 | The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence o |
| CVE-2014-3688 | — | | | < 3.0.101-108.60.1 | 3.0.101-108.60.1 | Nov 30, 2014 | The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sct |
| CVE-2013-6368 | — | | | < 3.0.101-94.1 | 3.0.101-94.1 | Dec 14, 2013 | The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. |
| CVE-2004-0230 | — | | | < 3.0.101-94.1 | 3.0.101-94.1 | May 5, 2004 | TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, suc |