rpm package

suse/kernel-ec2&distro=SUSE Linux Enterprise Module for Public Cloud 12

pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Vulnerabilities (409)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-10208	Med	4.3	< 3.12.61-52.72.1	3.12.61-52.72.1	Feb 6, 2017	The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
CVE-2017-2584	Hig	7.1	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Jan 15, 2017	arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399	Hig	7.0	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Jan 12, 2017	An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088	Hig	7.0	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 30, 2016	The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9794	Hig	7.8	< 3.12.67-60.64.24.1	3.12.67-60.64.24.1	Dec 28, 2016	Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START comm
CVE-2016-9793	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756	Med	5.5	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Dec 28, 2016	arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9588	Med	5.5	< 3.12.61-52.72.1	3.12.61-52.72.1	Dec 28, 2016	arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
CVE-2016-9576	Hig	7.8	< 3.12.67-60.64.24.1	3.12.67-60.64.24.1	Dec 28, 2016	The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access
CVE-2016-8655	Hig	7.8	< 3.12.67-60.64.21.1	3.12.67-60.64.21.1	Dec 8, 2016	Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555	Cri	9.8	< 3.12.67-60.64.21.1	3.12.67-60.64.21.1	Nov 28, 2016	The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-9191	Med	5.5	< 3.12.74-60.64.40.1	3.12.74-60.64.40.1	Nov 28, 2016	The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr
CVE-2016-9084	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Nov 28, 2016	drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
CVE-2016-9083	Hig	7.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Nov 28, 2016	drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl
CVE-2016-8645	Med	5.5	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Nov 28, 2016	The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
CVE-2016-8633	Med	6.8	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Nov 28, 2016	drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
CVE-2016-8632	Hig	7.8	< 3.12.67-60.64.21.1	3.12.67-60.64.21.1	Nov 28, 2016	The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflo
CVE-2016-7915	Med	5.5	< 3.12.61-52.125.1	3.12.61-52.125.1	Nov 16, 2016	The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech D
CVE-2016-7914	Med	5.5	< 3.12.69-60.64.29.1	3.12.69-60.64.29.1	Nov 16, 2016	The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference

CVE-2016-10208MedFeb 6, 2017
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
CVE-2017-2584HigJan 15, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399HigJan 12, 2017
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088HigDec 30, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806HigDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9794HigDec 28, 2016
affected < 3.12.67-60.64.24.1fixed 3.12.67-60.64.24.1
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START comm
CVE-2016-9793HigDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756MedDec 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9588MedDec 28, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.
CVE-2016-9576HigDec 28, 2016
affected < 3.12.67-60.64.24.1fixed 3.12.67-60.64.24.1
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access
CVE-2016-8655HigDec 8, 2016
affected < 3.12.67-60.64.21.1fixed 3.12.67-60.64.21.1
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555CriNov 28, 2016
affected < 3.12.67-60.64.21.1fixed 3.12.67-60.64.21.1
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-9191MedNov 28, 2016
affected < 3.12.74-60.64.40.1fixed 3.12.74-60.64.40.1
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr
CVE-2016-9084HigNov 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
CVE-2016-9083HigNov 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl
CVE-2016-8645MedNov 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
CVE-2016-8633MedNov 28, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
CVE-2016-8632HigNov 28, 2016
affected < 3.12.67-60.64.21.1fixed 3.12.67-60.64.21.1
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflo
CVE-2016-7915MedNov 16, 2016
affected < 3.12.61-52.125.1fixed 3.12.61-52.125.1
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech D
CVE-2016-7914MedNov 16, 2016
affected < 3.12.69-60.64.29.1fixed 3.12.69-60.64.29.1
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference

Page 14 of 21