rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 12 SP1

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1

Vulnerabilities (131)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-6214	Hig	7.5	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Feb 23, 2017	The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
CVE-2017-6074	Hig	7.8	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Feb 18, 2017	The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that
CVE-2017-5986	Med	5.5	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Feb 18, 2017	Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
CVE-2017-5970	Hig	7.5	< 3.12.69-60.64.32.1	3.12.69-60.64.32.1	Feb 14, 2017	The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2016-10044	Hig	7.8	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Feb 7, 2017	The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
CVE-2017-5551	Med	4.4	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Feb 6, 2017	The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2583	Hig	8.4	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Feb 6, 2017	The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2016-10208	Med	4.3	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Feb 6, 2017	The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
CVE-2017-2584	Hig	7.1	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Jan 15, 2017	arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399	Hig	7.0	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Jan 12, 2017	An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088	Hig	7.0	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 30, 2016	The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9794	Hig	7.8	< 3.12.67-60.64.24.1	3.12.67-60.64.24.1	Dec 28, 2016	Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START comm
CVE-2016-9793	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756	Med	5.5	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9588	Med	5.5	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Dec 28, 2016	arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
CVE-2016-9576	Hig	7.8	< 3.12.67-60.64.24.1	3.12.67-60.64.24.1	Dec 28, 2016	The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access
CVE-2016-8655	Hig	7.8	< 3.12.67-60.64.21.1	3.12.67-60.64.21.1	Dec 8, 2016	Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555	Cri	9.8	< 3.12.67-60.64.21.1	3.12.67-60.64.21.1	Nov 28, 2016	The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-9191	Med	5.5	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Nov 28, 2016	The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr

CVE-2017-6214HigFeb 23, 2017
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.
CVE-2017-6074HigFeb 18, 2017
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that
CVE-2017-5986MedFeb 18, 2017
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
CVE-2017-5970HigFeb 14, 2017
affected < 3.12.69-60.64.32.1fixed 3.12.69-60.64.32.1
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2016-10044HigFeb 7, 2017
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
CVE-2017-5551MedFeb 6, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2583HigFeb 6, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2016-10208MedFeb 6, 2017
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
CVE-2017-2584HigJan 15, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399HigJan 12, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088HigDec 30, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806HigDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9794HigDec 28, 2016
affected < 3.12.67-60.64.24.1fixed 3.12.67-60.64.24.1
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START comm
CVE-2016-9793HigDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756MedDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9588MedDec 28, 2016
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
CVE-2016-9576HigDec 28, 2016
affected < 3.12.67-60.64.24.1fixed 3.12.67-60.64.24.1
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access
CVE-2016-8655HigDec 8, 2016
affected < 3.12.67-60.64.21.1fixed 3.12.67-60.64.21.1
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555CriNov 28, 2016
affected < 3.12.67-60.64.21.1fixed 3.12.67-60.64.21.1
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-9191MedNov 28, 2016
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr

Page 2 of 7