rpm package

suse/kernel-xen&distro=SUSE Linux Enterprise Server 11 SP2-LTSS

pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS

Vulnerabilities (113)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-7097	Med	4.4	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Oct 16, 2016	The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
CVE-2016-7042	Med	6.2	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Oct 16, 2016	The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory co
CVE-2016-6828	Med	5.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Oct 16, 2016	The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a c
CVE-2016-7117	Cri	9.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Oct 10, 2016	Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2015-8956	Med	6.1	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Oct 10, 2016	The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
CVE-2016-6480	Med	5.1	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Aug 6, 2016	Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-3841	Hig	7.3	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Aug 6, 2016	The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
CVE-2016-4997	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Jul 3, 2016	The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5829	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Jun 27, 2016	Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES i
CVE-2016-5244	Hig	7.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Jun 27, 2016	The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2016-4470	Med	5.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Jun 27, 2016	The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-1583	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	Jun 27, 2016	The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-4913	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via
CVE-2016-4805	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to t
CVE-2016-4580	Hig	7.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
CVE-2016-4578	Med	5.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) sn
CVE-2016-4569	Med	5.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2016-4565	Hig	7.8	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4486	Low	3.3	< 3.0.101-0.7.40.1	3.0.101-0.7.40.1	May 23, 2016	The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4485	Hig	7.5	< 3.0.101-0.7.53.1	3.0.101-0.7.53.1	May 23, 2016	The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

CVE-2016-7097MedOct 16, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
CVE-2016-7042MedOct 16, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory co
CVE-2016-6828MedOct 16, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a c
CVE-2016-7117CriOct 10, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2015-8956MedOct 10, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
CVE-2016-6480MedAug 6, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-3841HigAug 6, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
CVE-2016-4997HigJul 3, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5829HigJun 27, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES i
CVE-2016-5244HigJun 27, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2016-4470MedJun 27, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-1583HigJun 27, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-4913HigMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via
CVE-2016-4805HigMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to t
CVE-2016-4580HigMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
CVE-2016-4578MedMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) sn
CVE-2016-4569MedMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2016-4565HigMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4486LowMay 23, 2016
affected < 3.0.101-0.7.40.1fixed 3.0.101-0.7.40.1
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4485HigMay 23, 2016
affected < 3.0.101-0.7.53.1fixed 3.0.101-0.7.53.1
The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.

Page 2 of 6