rpm package

suse/kernel-ec2&distro=SUSE Linux Enterprise Module for Public Cloud 12

pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Vulnerabilities (409)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-15115	Hig	7.8	< 3.12.74-60.64.69.1	3.12.74-60.64.69.1	Nov 15, 2017	The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other imp
CVE-2017-15102	Med	6.3	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 15, 2017	The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a
CVE-2017-16650	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 7, 2017	The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16649	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 7, 2017	The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16644	Med	6.6	< 3.12.61-52.125.1	3.12.61-52.125.1	Nov 7, 2017	The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16538	Med	6.6	< 3.12.74-60.64.69.1	3.12.74-60.64.69.1	Nov 4, 2017	drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and inc
CVE-2017-16537	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16536	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16535	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16534	Med	6.8	< 3.12.74-60.64.69.1	3.12.74-60.64.69.1	Nov 4, 2017	The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16533	Med	6.6	< 3.12.74-60.64.110.1	3.12.74-60.64.110.1	Nov 4, 2017	The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16531	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
CVE-2017-16529	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16527	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16525	Med	6.6	< 3.12.74-60.64.66.1	3.12.74-60.64.66.1	Nov 4, 2017	The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnect
CVE-2017-15649	Hig	7.8	< 3.12.74-60.64.63.1	3.12.74-60.64.63.1	Oct 19, 2017	net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free,
CVE-2017-13080	Med	5.3	< 3.12.74-60.64.63.1	3.12.74-60.64.63.1	Oct 17, 2017	Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-15265	Hig	7.0	< 3.12.74-60.64.63.1	3.12.74-60.64.63.1	Oct 16, 2017	Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq
CVE-2017-15299	Med	5.5	< 3.12.61-52.125.1	3.12.61-52.125.1	Oct 14, 2017	The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a c
CVE-2017-15274	Med	5.5	< 3.12.74-60.64.63.1	3.12.74-60.64.63.1	Oct 12, 2017	security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call,

CVE-2017-15115HigNov 15, 2017
affected < 3.12.74-60.64.69.1fixed 3.12.74-60.64.69.1
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other imp
CVE-2017-15102MedNov 15, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a
CVE-2017-16650MedNov 7, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16649MedNov 7, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16644MedNov 7, 2017
affected < 3.12.61-52.125.1fixed 3.12.61-52.125.1
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16538MedNov 4, 2017
affected < 3.12.74-60.64.69.1fixed 3.12.74-60.64.69.1
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and inc
CVE-2017-16537MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16536MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16535MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16534MedNov 4, 2017
affected < 3.12.74-60.64.69.1fixed 3.12.74-60.64.69.1
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16533MedNov 4, 2017
affected < 3.12.74-60.64.110.1fixed 3.12.74-60.64.110.1
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16531MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
CVE-2017-16529MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16527MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16525MedNov 4, 2017
affected < 3.12.74-60.64.66.1fixed 3.12.74-60.64.66.1
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnect
CVE-2017-15649HigOct 19, 2017
affected < 3.12.74-60.64.63.1fixed 3.12.74-60.64.63.1
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free,
CVE-2017-13080MedOct 17, 2017
affected < 3.12.74-60.64.63.1fixed 3.12.74-60.64.63.1
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
CVE-2017-15265HigOct 16, 2017
affected < 3.12.74-60.64.63.1fixed 3.12.74-60.64.63.1
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq
CVE-2017-15299MedOct 14, 2017
affected < 3.12.61-52.125.1fixed 3.12.61-52.125.1
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a c
CVE-2017-15274MedOct 12, 2017
affected < 3.12.74-60.64.63.1fixed 3.12.74-60.64.63.1
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call,

Page 10 of 21