rpm package
suse/kernel-obs-build&distro=SUSE Linux Enterprise Software Development Kit 12 SP2
pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
Vulnerabilities (124)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-7117 | Cri | 9.8 | < 4.4.49-92.11.1 | 4.4.49-92.11.1 | Oct 10, 2016 | Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | |
| CVE-2016-2117 | Hig | 7.5 | < 4.4.59-92.17.3 | 4.4.59-92.17.3 | May 2, 2016 | The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | |
| CVE-2015-1350 | Med | 5.5 | < 4.4.38-93.1 | 4.4.38-93.1 | May 2, 2016 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system | |
| CVE-2015-8709 | Hig | 7.0 | < 4.4.49-92.11.1 | 4.4.49-92.11.1 | Feb 8, 2016 | kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. N |
- affected < 4.4.49-92.11.1fixed 4.4.49-92.11.1
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
- affected < 4.4.59-92.17.3fixed 4.4.59-92.17.3
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
- affected < 4.4.38-93.1fixed 4.4.38-93.1
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system
- affected < 4.4.49-92.11.1fixed 4.4.49-92.11.1
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. N
Page 7 of 7