rpm package
suse/kgraft-patch-SLE12-SP1_Update_13&distro=SUSE Linux Enterprise Live Patching 12
pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7308 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Mar 29, 2017 | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_N | |
| CVE-2017-7294 | Hig | 7.8 | < 3-2.1 | 3-2.1 | Mar 29, 2017 | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (s | |
| CVE-2017-7184 | Hig | 7.8 | < 2-2.1 | 2-2.1 | Mar 19, 2017 | The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by | |
| CVE-2017-5970 | Hig | 7.5 | < 1-2.1 | 1-2.1 | Feb 14, 2017 | The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. |
- affected < 3-2.1fixed 3-2.1
The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_N
- affected < 3-2.1fixed 3-2.1
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (s
- affected < 2-2.1fixed 2-2.1
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by
- affected < 1-2.1fixed 1-2.1
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.