rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Vulnerabilities (168)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2069	Hig	7.4	< 3.12.55-52.42.1	3.12.55-52.42.1	Apr 27, 2016	Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2016-0774	Med	6.8	< 3.12.55-52.42.1	3.12.55-52.42.1	Apr 27, 2016	The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side
CVE-2015-8845	Med	5.5	< 3.12.60-52.49.1	3.12.60-52.49.1	Apr 27, 2016	The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exceptio
CVE-2015-8816	Med	6.8	< 3.12.60-52.49.1	3.12.60-52.49.1	Apr 27, 2016	The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812	Cri	9.8	< 3.12.55-52.42.1	3.12.55-52.42.1	Apr 27, 2016	drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-8550	Hig	8.2	< 3.12.51-52.34.1	3.12.51-52.34.1	Apr 14, 2016	Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2015-8552	Med	4.4	< 3.12.51-52.34.1	3.12.51-52.34.1	Apr 13, 2016	The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with a
CVE-2015-8551	Med	6.0	< 3.12.51-52.34.1	3.12.51-52.34.1	Apr 13, 2016	The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with ac
CVE-2016-0728	Hig	7.8	< 3.12.51-52.39.1	3.12.51-52.39.1	Feb 8, 2016	The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyc
CVE-2016-0723	Med	6.8	< 3.12.55-52.42.1	3.12.55-52.42.1	Feb 8, 2016	Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processin
CVE-2015-8785	Med	6.2	< 3.12.55-52.42.1	3.12.55-52.42.1	Feb 8, 2016	The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
CVE-2015-8767	Med	6.2	< 3.12.55-52.42.1	3.12.55-52.42.1	Feb 8, 2016	net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8709	Hig	7.0	< 3.12.55-52.42.1	3.12.55-52.42.1	Feb 8, 2016	kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. N
CVE-2015-8575	Med	4.0	< 3.12.51-52.34.1	3.12.51-52.34.1	Feb 8, 2016	The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8539	Hig	7.8	< 3.12.51-52.34.1	3.12.51-52.34.1	Feb 8, 2016	The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/key
CVE-2015-7550	Med	5.5	< 3.12.51-52.34.1	3.12.51-52.34.1	Feb 8, 2016	The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted app
CVE-2015-8569	Low	2.3	< 3.12.51-52.34.1	3.12.51-52.34.1	Dec 28, 2015	The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic
CVE-2015-8543	Hig	7.0	< 3.12.51-52.34.1	3.12.51-52.34.1	Dec 28, 2015	The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)
CVE-2015-7990	Med	5.8	< 3.12.51-52.31.1	3.12.51-52.31.1	Dec 28, 2015	Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. N
CVE-2013-7446	Med	5.3	< 3.12.55-52.42.1	3.12.55-52.42.1	Dec 28, 2015	Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

CVE-2016-2069HigApr 27, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2016-0774MedApr 27, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side
CVE-2015-8845MedApr 27, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exceptio
CVE-2015-8816MedApr 27, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812CriApr 27, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-8550HigApr 14, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2015-8552MedApr 13, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with a
CVE-2015-8551MedApr 13, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with ac
CVE-2016-0728HigFeb 8, 2016
affected < 3.12.51-52.39.1fixed 3.12.51-52.39.1
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyc
CVE-2016-0723MedFeb 8, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processin
CVE-2015-8785MedFeb 8, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.
CVE-2015-8767MedFeb 8, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.
CVE-2015-8709HigFeb 8, 2016
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. N
CVE-2015-8575MedFeb 8, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8539HigFeb 8, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/key
CVE-2015-7550MedFeb 8, 2016
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted app
CVE-2015-8569LowDec 28, 2015
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic
CVE-2015-8543HigDec 28, 2015
affected < 3.12.51-52.34.1fixed 3.12.51-52.34.1
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)
CVE-2015-7990MedDec 28, 2015
affected < 3.12.51-52.31.1fixed 3.12.51-52.31.1
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. N
CVE-2013-7446MedDec 28, 2015
affected < 3.12.55-52.42.1fixed 3.12.55-52.42.1
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

Page 6 of 9