rpm package

suse/kernel-xen&distro=SUSE Linux Enterprise Server 12

pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012

Vulnerabilities (98)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-4997	Hig	7.8	< 3.12.60-52.54.2	3.12.60-52.54.2	Jul 3, 2016	The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5244	Hig	7.5	< 3.12.60-52.49.1	3.12.60-52.49.1	Jun 27, 2016	The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2016-1583	Hig	7.8	< 3.12.55-52.45.1	3.12.55-52.45.1	Jun 27, 2016	The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-0758	Hig	7.8	< 3.12.60-52.49.1	3.12.60-52.49.1	Jun 27, 2016	Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4805	Hig	7.8	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to t
CVE-2016-4578	Med	5.5	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) sn
CVE-2016-4569	Med	5.5	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2016-4565	Hig	7.8	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4486	Low	3.3	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4482	Med	6.2	< 3.12.60-52.49.1	3.12.60-52.49.1	May 23, 2016	The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2016-3951	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
CVE-2016-3689	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
CVE-2016-3140	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3138	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE-2016-3137	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the c
CVE-2016-3136	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descripto
CVE-2016-2188	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2186	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2185	Med	4.6	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2053	Med	4.7	< 3.12.60-52.49.1	3.12.60-52.49.1	May 2, 2016	The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/pub

CVE-2016-4997HigJul 3, 2016
affected < 3.12.60-52.54.2fixed 3.12.60-52.54.2
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-5244HigJun 27, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
CVE-2016-1583HigJun 27, 2016
affected < 3.12.55-52.45.1fixed 3.12.55-52.45.1
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-0758HigJun 27, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4805HigMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to t
CVE-2016-4578MedMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) sn
CVE-2016-4569MedMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.
CVE-2016-4565HigMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4486LowMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-4482MedMay 23, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.
CVE-2016-3951MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
CVE-2016-3689MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.
CVE-2016-3140MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3138MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.
CVE-2016-3137MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the c
CVE-2016-3136MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descripto
CVE-2016-2188MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2186MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2185MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-2053MedMay 2, 2016
affected < 3.12.60-52.49.1fixed 3.12.60-52.49.1
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/pub

Page 1 of 5