rpm package
suse/kgraft-patch-SLE12-SP2_Update_10&distro=SUSE Linux Enterprise Live Patching 12
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8924 | Med | 4.6 | < 1-4.1 | 1-4.1 | May 12, 2017 | The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial | |
| CVE-2017-8890 | Hig | 7.8 | < 1-4.1 | 1-4.1 | May 10, 2017 | The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |
| CVE-2017-7618 | Hig | 7.5 | < 1-4.1 | 1-4.1 | Apr 10, 2017 | crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue. | |
| CVE-2017-7616 | Med | 5.5 | < 1-4.1 | 1-4.1 | Apr 10, 2017 | Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. | |
| CVE-2017-7346 | Med | 5.5 | < 1-4.1 | 1-4.1 | Mar 30, 2017 | The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* devic |
- affected < 1-4.1fixed 1-4.1
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial
- affected < 1-4.1fixed 1-4.1
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
- affected < 1-4.1fixed 1-4.1
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.
- affected < 1-4.1fixed 1-4.1
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
- affected < 1-4.1fixed 1-4.1
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* devic
Page 2 of 2