rpm package
suse/kernel-trace&distro=SUSE Linux Enterprise Desktop 11 SP4
pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
Vulnerabilities (48)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8569 | Low | 2.3 | < 3.0.101-71.1 | 3.0.101-71.1 | Dec 28, 2015 | The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic | |
| CVE-2015-8543 | Hig | 7.0 | < 3.0.101-71.1 | 3.0.101-71.1 | Dec 28, 2015 | The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) | |
| CVE-2015-7990 | Med | 5.8 | < 3.0.101-68.1 | 3.0.101-68.1 | Dec 28, 2015 | Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. N | |
| CVE-2015-7509 | Med | 4.4 | < 3.0.101-68.1 | 3.0.101-68.1 | Dec 28, 2015 | fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |
| CVE-2013-7446 | Med | 5.3 | < 3.0.101-71.1 | 3.0.101-71.1 | Dec 28, 2015 | Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. | |
| CVE-2015-0272 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Nov 17, 2015 | GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. | ||
| CVE-2015-8215 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Nov 16, 2015 | net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) l | ||
| CVE-2015-8104 | Cri | 10.0 | < 3.0.101-68.1 | 3.0.101-68.1 | Nov 16, 2015 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | |
| CVE-2015-7872 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Nov 16, 2015 | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | ||
| CVE-2015-5307 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Nov 16, 2015 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. | ||
| CVE-2015-7799 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Oct 19, 2015 | The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. | ||
| CVE-2015-6937 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Oct 19, 2015 | The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | ||
| CVE-2015-6252 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Oct 19, 2015 | The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. | ||
| CVE-2015-5707 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Oct 19, 2015 | Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | ||
| CVE-2015-5366 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Aug 31, 2015 | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a differ | ||
| CVE-2015-5364 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Aug 31, 2015 | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood. | ||
| CVE-2015-5157 | — | < 3.0.101-68.1 | 3.0.101-68.1 | Aug 31, 2015 | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | ||
| CVE-2015-4700 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Aug 31, 2015 | The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler. | ||
| CVE-2014-9731 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Aug 31, 2015 | The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to | ||
| CVE-2014-9730 | — | < 3.0.101-65.1 | 3.0.101-65.1 | Aug 31, 2015 | The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image. |
- affected < 3.0.101-71.1fixed 3.0.101-71.1
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted applic
- affected < 3.0.101-71.1fixed 3.0.101-71.1
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash)
- affected < 3.0.101-68.1fixed 3.0.101-68.1
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. N
- affected < 3.0.101-68.1fixed 3.0.101-68.1
fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015.
- affected < 3.0.101-71.1fixed 3.0.101-71.1
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.
- CVE-2015-0272Nov 17, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
- CVE-2015-8215Nov 16, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) l
- affected < 3.0.101-68.1fixed 3.0.101-68.1
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
- CVE-2015-7872Nov 16, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
- CVE-2015-5307Nov 16, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
- CVE-2015-7799Oct 19, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.
- CVE-2015-6937Oct 19, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
- CVE-2015-6252Oct 19, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.
- CVE-2015-5707Oct 19, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
- CVE-2015-5366Aug 31, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a differ
- CVE-2015-5364Aug 31, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
- CVE-2015-5157Aug 31, 2015affected < 3.0.101-68.1fixed 3.0.101-68.1
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
- CVE-2015-4700Aug 31, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
- CVE-2014-9731Aug 31, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted filesystem image, related to
- CVE-2014-9730Aug 31, 2015affected < 3.0.101-65.1fixed 3.0.101-65.1
The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allows local users to cause a denial of service (system crash) via a crafted UDF filesystem image.
Page 2 of 3