rpm package

suse/kernel-rt_trace&distro=SUSE Linux Enterprise Real Time 11 SP4

pkg:rpm/suse/kernel-rt_trace&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Vulnerabilities (252)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-1000363	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Jul 17, 2017	Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a
CVE-2017-11176	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Jul 11, 2017	The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp
CVE-2017-1000365	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Jun 19, 2017	The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects
CVE-2017-1000364	Hig	7.4	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Jun 19, 2017	An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduce
CVE-2017-1000380	Med	5.5	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Jun 17, 2017	sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ
CVE-2017-9242	Med	5.5	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 27, 2017	The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
CVE-2017-9077	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 19, 2017	The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9076	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 19, 2017	The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9075	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 19, 2017	The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9074	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 19, 2017	The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact
CVE-2017-7487	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 14, 2017	The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
CVE-2017-8925	Med	5.5	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 12, 2017	The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-8924	Med	4.6	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 12, 2017	The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial
CVE-2017-7472	Med	5.5	< 3.0.101.rt130-69.14.1	3.0.101.rt130-69.14.1	May 11, 2017	The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
CVE-2017-8890	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	May 10, 2017	The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVE-2017-8831	Med	6.4	< 3.0.101.rt130-69.8.1	3.0.101.rt130-69.8.1	May 8, 2017	The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "do
CVE-2017-7616	Med	5.5	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Apr 10, 2017	Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
CVE-2017-2671	Med	5.5	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Apr 5, 2017	The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the
CVE-2014-9922	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Apr 4, 2017	The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2017-2647	Hig	7.8	< 3.0.101.rt130-69.5.1	3.0.101.rt130-69.5.1	Mar 31, 2017	The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyri

CVE-2017-1000363HigJul 17, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a
CVE-2017-11176HigJul 11, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp
CVE-2017-1000365HigJun 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects
CVE-2017-1000364HigJun 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduce
CVE-2017-1000380MedJun 17, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ
CVE-2017-9242MedMay 27, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
CVE-2017-9077HigMay 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9076HigMay 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9075HigMay 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9074HigMay 19, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact
CVE-2017-7487HigMay 14, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface.
CVE-2017-8925MedMay 12, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVE-2017-8924MedMay 12, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial
CVE-2017-7472MedMay 11, 2017
affected < 3.0.101.rt130-69.14.1fixed 3.0.101.rt130-69.14.1
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
CVE-2017-8890HigMay 10, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
CVE-2017-8831MedMay 8, 2017
affected < 3.0.101.rt130-69.8.1fixed 3.0.101.rt130-69.8.1
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "do
CVE-2017-7616MedApr 10, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
CVE-2017-2671MedApr 5, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the
CVE-2014-9922HigApr 4, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2017-2647HigMar 31, 2017
affected < 3.0.101.rt130-69.5.1fixed 3.0.101.rt130-69.5.1
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyri

Page 6 of 13