rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (113)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2543	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafte
CVE-2016-2384	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVE-2016-2184	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143	Hig	7.8	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2016-2069	Hig	7.4	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2015-8816	Med	6.8	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812	Cri	9.8	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-7515	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Apr 27, 2016	The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2016-0823	Med	4.0	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Mar 12, 2016	The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
CVE-2016-0723	Med	6.8	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processin
CVE-2015-8785	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
CVE-2015-8767	Med	6.2	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8575	Med	4.0	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8539	Hig	7.8	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/key
CVE-2015-7566	Med	4.6	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks
CVE-2015-7550	Med	5.5	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Feb 8, 2016	The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted app
CVE-2015-7513	Med	6.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Feb 8, 2016	arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioc
CVE-2013-4312	Med	6.2	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Feb 8, 2016	The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVE-2015-8569	Low	2.3	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Dec 28, 2015	The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic
CVE-2015-8543	Hig	7.0	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	Dec 28, 2015	The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)

CVE-2016-2543MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafte
CVE-2016-2384MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVE-2016-2184MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143HigApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2016-2069HigApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2015-8816MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812CriApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-7515MedApr 27, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2016-0823MedMar 12, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.
CVE-2016-0723MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processin
CVE-2015-8785MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
CVE-2015-8767MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8575MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8539HigFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/key
CVE-2015-7566MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks
CVE-2015-7550MedFeb 8, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted app
CVE-2015-7513MedFeb 8, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioc
CVE-2013-4312MedFeb 8, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVE-2015-8569LowDec 28, 2015
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic
CVE-2015-8543HigDec 28, 2015
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)

Page 4 of 6