rpm package

suse/kernel-xen&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (221)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-8658	Med	6.1	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long
CVE-2016-7425	Hig	7.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_W
CVE-2016-7097	Med	4.4	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
CVE-2016-7042	Med	6.2	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory co
CVE-2016-6828	Med	5.5	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a c
CVE-2016-6327	Med	5.5	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 16, 2016	drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
CVE-2016-7117	Cri	9.8	< 3.12.61-52.72.1	3.12.61-52.72.1	Oct 10, 2016	Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2015-8956	Med	6.1	< 3.12.61-52.66.1	3.12.61-52.66.1	Oct 10, 2016	The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
CVE-2016-6480	Med	5.1	< 3.12.61-52.66.1	3.12.61-52.66.1	Aug 6, 2016	Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-5696	Med	4.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Aug 6, 2016	net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
CVE-2016-3070	Hig	7.8	< 3.12.61-52.72.1	3.12.61-52.72.1	Aug 6, 2016	The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified
CVE-2016-6130	Med	4.7	< 3.12.61-52.66.1	3.12.61-52.66.1	Jul 3, 2016	Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.
CVE-2016-4997	Hig	7.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Jul 3, 2016	The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5829	Hig	7.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Jun 27, 2016	Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES i
CVE-2016-5828	Hig	7.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Jun 27, 2016	The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly
CVE-2016-5243	Med	5.5	< 3.12.61-52.72.1	3.12.61-52.72.1	Jun 27, 2016	The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4470	Med	5.5	< 3.12.61-52.66.1	3.12.61-52.66.1	Jun 27, 2016	The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2014-9904	Hig	7.8	< 3.12.61-52.66.1	3.12.61-52.66.1	Jun 27, 2016	The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have un
CVE-2016-2117	Hig	7.5	< 3.12.61-52.72.1	3.12.61-52.72.1	May 2, 2016	The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
CVE-2015-1350	Med	5.5	< 3.12.61-52.72.1	3.12.61-52.72.1	May 2, 2016	The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system

CVE-2016-8658MedOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long
CVE-2016-7425HigOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_W
CVE-2016-7097MedOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.
CVE-2016-7042MedOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory co
CVE-2016-6828MedOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a c
CVE-2016-6327MedOct 16, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
CVE-2016-7117CriOct 10, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2015-8956MedOct 10, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
CVE-2016-6480MedAug 6, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-5696MedAug 6, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
CVE-2016-3070HigAug 6, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified
CVE-2016-6130MedJul 3, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.
CVE-2016-4997HigJul 3, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5829HigJun 27, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES i
CVE-2016-5828HigJun 27, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly
CVE-2016-5243MedJun 27, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4470MedJun 27, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2014-9904HigJun 27, 2016
affected < 3.12.61-52.66.1fixed 3.12.61-52.66.1
The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have un
CVE-2016-2117HigMay 2, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
CVE-2015-1350MedMay 2, 2016
affected < 3.12.61-52.72.1fixed 3.12.61-52.72.1
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system

Page 11 of 12