VYPR

rpm package

suse/kgraft-patch-SLE12-SP2_Update_5&distro=SUSE Linux Enterprise Live Patching 12

pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Vulnerabilities (31)

  • CVE-2017-2636HigMar 7, 2017
    affected < 5-2.1fixed 5-2.1

    Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.

  • CVE-2017-5986MedFeb 18, 2017
    affected < 1-6.1fixed 1-6.1

    Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.

  • CVE-2017-5970HigFeb 14, 2017
    affected < 1-6.1fixed 1-6.1

    The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.

  • CVE-2017-5577MedFeb 6, 2017
    affected < 1-6.1fixed 1-6.1

    The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via

  • CVE-2017-5576HigFeb 6, 2017
    affected < 1-6.1fixed 1-6.1

    Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl c

  • CVE-2017-5551MedFeb 6, 2017
    affected < 1-6.1fixed 1-6.1

    The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on exec

  • CVE-2017-2583HigFeb 6, 2017
    affected < 1-6.1fixed 1-6.1

    The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted app

  • CVE-2017-2584HigJan 15, 2017
    affected < 1-6.1fixed 1-6.1

    arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.

  • CVE-2016-9806HigDec 28, 2016
    affected < 1-6.1fixed 1-6.1

    Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a

  • CVE-2016-7117CriOct 10, 2016
    affected < 1-6.1fixed 1-6.1

    Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

  • CVE-2015-8709HigFeb 8, 2016
    affected < 1-6.1fixed 1-6.1

    kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. N

Page 2 of 2