rpm package

suse/kernel-xen&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (221)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-12153	Med	4.4	< 3.12.61-52.101.1	3.12.61-52.101.1	Sep 21, 2017	A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_N
CVE-2017-1000251	Hig	8.0	< 3.12.61-52.92.1	3.12.61-52.92.1	Sep 12, 2017	The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel spa
CVE-2017-14140	Med	5.5	< 3.12.61-52.101.1	3.12.61-52.101.1	Sep 5, 2017	The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVE-2017-14106	Med	5.5	< 3.12.61-52.101.1	3.12.61-52.101.1	Sep 1, 2017	The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
CVE-2017-14051	Med	4.4	< 3.12.61-52.101.1	3.12.61-52.101.1	Aug 31, 2017	An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
CVE-2017-10661	Hig	7.0	< 3.12.61-52.101.1	3.12.61-52.101.1	Aug 19, 2017	Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVE-2017-12762	Cri	9.8	< 3.12.61-52.101.1	3.12.61-52.101.1	Aug 9, 2017	In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
CVE-2017-7533	Hig	7.0	< 3.12.61-52.83.1	3.12.61-52.83.1	Aug 5, 2017	Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename funct
CVE-2017-7541	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	Jul 25, 2017	The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netl
CVE-2017-11600	Hig	7.0	< 3.12.61-52.111.1	3.12.61-52.111.1	Jul 24, 2017	net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspe
CVE-2017-7542	Med	5.5	< 3.12.61-52.101.1	3.12.61-52.101.1	Jul 21, 2017	The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
CVE-2017-1000363	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	Jul 17, 2017	Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a
CVE-2017-11176	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	Jul 11, 2017	The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp
CVE-2017-1000365	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	Jun 19, 2017	The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects
CVE-2017-1000364	Hig	7.4	< 3.12.61-52.77.1	3.12.61-52.77.1	Jun 19, 2017	An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduce
CVE-2017-1000380	Med	5.5	< 3.12.61-52.101.1	3.12.61-52.101.1	Jun 17, 2017	sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ
CVE-2017-9242	Med	5.5	< 3.12.61-52.101.1	3.12.61-52.101.1	May 27, 2017	The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
CVE-2017-9077	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	May 19, 2017	The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9076	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	May 19, 2017	The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9075	Hig	7.8	< 3.12.61-52.101.1	3.12.61-52.101.1	May 19, 2017	The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

CVE-2017-12153MedSep 21, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_N
CVE-2017-1000251HigSep 12, 2017
affected < 3.12.61-52.92.1fixed 3.12.61-52.92.1
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel spa
CVE-2017-14140MedSep 5, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVE-2017-14106MedSep 1, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
CVE-2017-14051MedAug 31, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
CVE-2017-10661HigAug 19, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVE-2017-12762CriAug 9, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
CVE-2017-7533HigAug 5, 2017
affected < 3.12.61-52.83.1fixed 3.12.61-52.83.1
Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename funct
CVE-2017-7541HigJul 25, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netl
CVE-2017-11600HigJul 24, 2017
affected < 3.12.61-52.111.1fixed 3.12.61-52.111.1
net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspe
CVE-2017-7542MedJul 21, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
CVE-2017-1000363HigJul 17, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the a
CVE-2017-11176HigJul 11, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other imp
CVE-2017-1000365HigJun 19, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects
CVE-2017-1000364HigJun 19, 2017
affected < 3.12.61-52.77.1fixed 3.12.61-52.77.1
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduce
CVE-2017-1000380MedJun 17, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happ
CVE-2017-9242MedMay 27, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
CVE-2017-9077HigMay 19, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9076HigMay 19, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9075HigMay 19, 2017
affected < 3.12.61-52.101.1fixed 3.12.61-52.101.1
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.

Page 7 of 12