rpm package

suse/kgraft-patch-SLE12-SP1_Update_12&distro=SUSE Linux Enterprise Live Patching 12

pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_12&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Vulnerabilities (23)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-7308	Hig	7.8	< 4-2.1	4-2.1	Mar 29, 2017	The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_N
CVE-2017-7294	Hig	7.8	< 4-2.1	4-2.1	Mar 29, 2017	The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (s
CVE-2017-7184	Hig	7.8	< 3-2.1	3-2.1	Mar 19, 2017	The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by
CVE-2017-5970	Hig	7.5	< 2-2.1	2-2.1	Feb 14, 2017	The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2017-5551	Med	4.4	< 1-4.1	1-4.1	Feb 6, 2017	The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2583	Hig	8.4	< 1-4.1	1-4.1	Feb 6, 2017	The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2017-2584	Hig	7.1	< 1-4.1	1-4.1	Jan 15, 2017	arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399	Hig	7.0	< 1-4.1	1-4.1	Jan 12, 2017	An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088	Hig	7.0	< 1-4.1	1-4.1	Dec 30, 2016	The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806	Hig	7.8	< 1-4.1	1-4.1	Dec 28, 2016	Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9793	Hig	7.8	< 1-4.1	1-4.1	Dec 28, 2016	The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756	Med	5.5	< 1-4.1	1-4.1	Dec 28, 2016	arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9084	Hig	7.8	< 1-4.1	1-4.1	Nov 28, 2016	drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
CVE-2016-9083	Hig	7.8	< 1-4.1	1-4.1	Nov 28, 2016	drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl
CVE-2016-8645	Med	5.5	< 1-4.1	1-4.1	Nov 28, 2016	The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
CVE-2016-8633	Med	6.8	< 1-4.1	1-4.1	Nov 28, 2016	drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
CVE-2016-7914	Med	5.5	< 1-4.1	1-4.1	Nov 16, 2016	The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference
CVE-2016-7913	Hig	7.8	< 1-4.1	1-4.1	Nov 16, 2016	The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
CVE-2016-7911	Hig	7.8	< 1-4.1	1-4.1	Nov 16, 2016	Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
CVE-2016-7910	Hig	7.8	< 1-4.1	1-4.1	Nov 16, 2016	Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.

CVE-2017-7308HigMar 29, 2017
affected < 4-2.1fixed 4-2.1
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_N
CVE-2017-7294HigMar 29, 2017
affected < 4-2.1fixed 4-2.1
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (s
CVE-2017-7184HigMar 19, 2017
affected < 3-2.1fixed 3-2.1
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by
CVE-2017-5970HigFeb 14, 2017
affected < 2-2.1fixed 2-2.1
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.
CVE-2017-5551MedFeb 6, 2017
affected < 1-4.1fixed 1-4.1
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec
CVE-2017-2583HigFeb 6, 2017
affected < 1-4.1fixed 1-4.1
The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app
CVE-2017-2584HigJan 15, 2017
affected < 1-4.1fixed 1-4.1
arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVE-2016-8399HigJan 12, 2017
affected < 1-4.1fixed 1-4.1
An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and curren
CVE-2016-10088HigDec 30, 2016
affected < 1-4.1fixed 1-4.1
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by lever
CVE-2016-9806HigDec 28, 2016
affected < 1-4.1fixed 1-4.1
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a
CVE-2016-9793HigDec 28, 2016
affected < 1-4.1fixed 1-4.1
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leverag
CVE-2016-9756MedDec 28, 2016
affected < 1-4.1fixed 1-4.1
arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
CVE-2016-9084HigNov 28, 2016
affected < 1-4.1fixed 1-4.1
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
CVE-2016-9083HigNov 28, 2016
affected < 1-4.1fixed 1-4.1
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl
CVE-2016-8645MedNov 28, 2016
affected < 1-4.1fixed 1-4.1
The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
CVE-2016-8633MedNov 28, 2016
affected < 1-4.1fixed 1-4.1
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
CVE-2016-7914MedNov 16, 2016
affected < 1-4.1fixed 1-4.1
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference
CVE-2016-7913HigNov 16, 2016
affected < 1-4.1fixed 1-4.1
The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.
CVE-2016-7911HigNov 16, 2016
affected < 1-4.1fixed 1-4.1
Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.
CVE-2016-7910HigNov 16, 2016
affected < 1-4.1fixed 1-4.1
Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.

Page 1 of 2