rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (113)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-4482	Med	6.2	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2016-3140	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3138	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE-2016-3137	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the c
CVE-2016-2188	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2187	Med	4.6	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 2, 2016	The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2186	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2185	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 2, 2016	The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2015-1350	Med	5.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 2, 2016	The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system
CVE-2016-3156	Med	5.5	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2016-3139	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3134	Hig	8.4	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2016-2847	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2549	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
CVE-2016-2548	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
CVE-2016-2547	Med	5.1	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2546	Med	5.1	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2545	Med	5.1	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
CVE-2016-2544	Med	5.1	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.

CVE-2016-4482MedMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2016-3140MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3138MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE-2016-3137MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the c
CVE-2016-2188MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2187MedMay 2, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2186MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2185MedMay 2, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2015-1350MedMay 2, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system
CVE-2016-3156MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2016-3139MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3134HigApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2016-2847MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2549MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
CVE-2016-2548MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
CVE-2016-2547MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2546MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2545MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
CVE-2016-2544MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.

Page 3 of 6