rpm package

suse/kernel-trace&distro=SUSE Linux Enterprise Server 11 SP3-LTSS

pkg:rpm/suse/kernel-trace&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Vulnerabilities (238)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-2847	Med	6.2	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782	Med	4.6	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2549	Med	6.2	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
CVE-2016-2548	Med	6.2	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
CVE-2016-2547	Med	5.1	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2546	Med	5.1	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2545	Med	5.1	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
CVE-2016-2544	Med	5.1	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
CVE-2016-2543	Med	6.2	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafte
CVE-2016-2384	Med	4.6	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVE-2016-2184	Med	4.6	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143	Hig	7.8	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2016-2069	Hig	7.4	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2015-8816	Med	6.8	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812	Cri	9.8	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-7515	Med	4.6	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 27, 2016	The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2015-8550	Hig	8.2	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 14, 2016	Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2015-8552	Med	4.4	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 13, 2016	The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with a
CVE-2015-8551	Med	6.0	< 3.0.101-0.47.79.1	3.0.101-0.47.79.1	Apr 13, 2016	The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with ac
CVE-2016-0823	Med	4.0	< 3.0.101-0.47.96.1	3.0.101-0.47.96.1	Mar 12, 2016	The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

CVE-2016-2847MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2549MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.
CVE-2016-2548MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.
CVE-2016-2547MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2546MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.
CVE-2016-2545MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.
CVE-2016-2544MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.
CVE-2016-2543MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment before proceeding with FIFO clearing, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafte
CVE-2016-2384MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.
CVE-2016-2184MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143HigApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2016-2069HigApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
CVE-2015-8816MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2015-8812CriApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
CVE-2015-7515MedApr 27, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2015-8550HigApr 14, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
CVE-2015-8552MedApr 13, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with a
CVE-2015-8551MedApr 13, 2016
affected < 3.0.101-0.47.79.1fixed 3.0.101-0.47.79.1
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with ac
CVE-2016-0823MedMar 12, 2016
affected < 3.0.101-0.47.96.1fixed 3.0.101-0.47.96.1
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

Page 11 of 12