rpm package

suse/kernel-rt&distro=SUSE Linux Enterprise Real Time 11 SP4

pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Vulnerabilities (252)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-1000407	Hig	7.4	< 3.0.101.rt130-69.39.1	3.0.101.rt130-69.39.1	Dec 11, 2017	The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
CVE-2017-17450	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Dec 7, 2017	net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all
CVE-2017-13167	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Dec 6, 2017	An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
CVE-2017-13166	Hig	7.8	< 3.0.101.rt130-69.24.1	3.0.101.rt130-69.24.1	Dec 6, 2017	An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
CVE-2017-15868	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Dec 5, 2017	The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
CVE-2017-8824	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Dec 5, 2017	The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVE-2017-16939	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 24, 2017	The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink message
CVE-2017-12190	Med	6.5	< 3.0.101.rt130-69.24.1	3.0.101.rt130-69.24.1	Nov 22, 2017	The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference
CVE-2017-0861	Hig	7.8	< 3.0.101.rt130-69.24.1	3.0.101.rt130-69.24.1	Nov 16, 2017	Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
CVE-2017-15115	Hig	7.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 15, 2017	The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other imp
CVE-2017-15102	Med	6.3	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 15, 2017	The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a
CVE-2017-16649	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 7, 2017	The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16644	Med	6.6	< 3.0.101.rt130-69.24.1	3.0.101.rt130-69.24.1	Nov 7, 2017	The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16538	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and inc
CVE-2017-16537	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16536	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16535	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16534	Med	6.8	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16533	Med	6.6	< 3.0.101.rt130-69.39.1	3.0.101.rt130-69.39.1	Nov 4, 2017	The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16531	Med	6.6	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	Nov 4, 2017	drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.

CVE-2017-1000407HigDec 11, 2017
affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.
CVE-2017-17450HigDec 7, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all
CVE-2017-13167HigDec 6, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.
CVE-2017-13166HigDec 6, 2017
affected < 3.0.101.rt130-69.24.1fixed 3.0.101.rt130-69.24.1
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
CVE-2017-15868HigDec 5, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.
CVE-2017-8824HigDec 5, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVE-2017-16939HigNov 24, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink message
CVE-2017-12190MedNov 22, 2017
affected < 3.0.101.rt130-69.24.1fixed 3.0.101.rt130-69.24.1
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference
CVE-2017-0861HigNov 16, 2017
affected < 3.0.101.rt130-69.24.1fixed 3.0.101.rt130-69.24.1
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
CVE-2017-15115HigNov 15, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other imp
CVE-2017-15102MedNov 15, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a
CVE-2017-16649MedNov 7, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16644MedNov 7, 2017
affected < 3.0.101.rt130-69.24.1fixed 3.0.101.rt130-69.24.1
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16538MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and inc
CVE-2017-16537MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16536MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16535MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16534MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16533MedNov 4, 2017
affected < 3.0.101.rt130-69.39.1fixed 3.0.101.rt130-69.39.1
The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVE-2017-16531MedNov 4, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.

Page 4 of 13