rpm package

suse/kernel-source-rt&distro=SUSE Linux Enterprise Real Time 12 SP2

pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP2

Vulnerabilities (93)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-6074	Hig	7.8	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 18, 2017	The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that
CVE-2017-5986	Med	5.5	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 18, 2017	Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
CVE-2017-5970	Hig	7.5	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 14, 2017	The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2017-5577	Med	5.5	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 6, 2017	The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via
CVE-2017-5576	Hig	7.8	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 6, 2017	Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl c
CVE-2017-5551	Med	4.4	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 6, 2017	The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2596	Med	6.5	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 6, 2017	The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
CVE-2017-2583	Hig	8.4	< 4.4.74-7.10.1	4.4.74-7.10.1	Feb 6, 2017	The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2017-2584	Hig	7.1	< 4.4.74-7.10.1	4.4.74-7.10.1	Jan 15, 2017	arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-9191	Med	5.5	< 4.4.74-7.10.1	4.4.74-7.10.1	Nov 28, 2016	The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr
CVE-2016-7117	Cri	9.8	< 4.4.74-7.10.1	4.4.74-7.10.1	Oct 10, 2016	Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-4997	Hig	7.8	< 4.4.74-7.10.1	4.4.74-7.10.1	Jul 3, 2016	The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-2117	Hig	7.5	< 4.4.74-7.10.1	4.4.74-7.10.1	May 2, 2016	The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

CVE-2017-6074HigFeb 18, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that
CVE-2017-5986MedFeb 18, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
CVE-2017-5970HigFeb 14, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2017-5577MedFeb 6, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via
CVE-2017-5576HigFeb 6, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl c
CVE-2017-5551MedFeb 6, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2596MedFeb 6, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
CVE-2017-2583HigFeb 6, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2017-2584HigJan 15, 2017
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-9191MedNov 28, 2016
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by tr
CVE-2016-7117CriOct 10, 2016
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-4997HigJul 3, 2016
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-2117HigMay 2, 2016
affected < 4.4.74-7.10.1fixed 4.4.74-7.10.1
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Page 5 of 5