rpm package
suse/kgraft-patch-SLE12-SP1_Update_20&distro=SUSE Linux Enterprise Server 12 SP1-LTSS
pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_20&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS
Vulnerabilities (22)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9242 | Med | 5.5 | < 2-2.1 | 2-2.1 | May 27, 2017 | The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | |
| CVE-2017-8890 | Hig | 7.8 | < 2-2.1 | 2-2.1 | May 10, 2017 | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. |
- affected < 2-2.1fixed 2-2.1
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
- affected < 2-2.1fixed 2-2.1
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
Page 2 of 2