rpm package

suse/kgraft-patch-SLE12_Update_14&distro=SUSE Linux Enterprise Live Patching 12

pkg:rpm/suse/kgraft-patch-SLE12_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Vulnerabilities (29)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-3156	Med	5.5	< 1-2.1	1-2.1	Apr 27, 2016	The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2016-3139	Med	4.6	< 1-2.1	1-2.1	Apr 27, 2016	The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3134	Hig	8.4	< 1-2.1	1-2.1	Apr 27, 2016	The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2016-2847	Med	6.2	< 1-2.1	1-2.1	Apr 27, 2016	fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782	Med	4.6	< 1-2.1	1-2.1	Apr 27, 2016	The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2184	Med	4.6	< 1-2.1	1-2.1	Apr 27, 2016	The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143	Hig	7.8	< 1-2.1	1-2.1	Apr 27, 2016	The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2015-8845	Med	5.5	< 1-2.1	1-2.1	Apr 27, 2016	The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exceptio
CVE-2015-8816	Med	6.8	< 1-2.1	1-2.1	Apr 27, 2016	The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe

CVE-2016-3156MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2016-3139MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
CVE-2016-3134HigApr 27, 2016
affected < 1-2.1fixed 1-2.1
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2016-2847MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2782MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1
CVE-2016-2184MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value i
CVE-2016-2143HigApr 27, 2016
affected < 1-2.1fixed 1-2.1
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/i
CVE-2015-8845MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exceptio
CVE-2015-8816MedApr 27, 2016
affected < 1-2.1fixed 1-2.1
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe

Page 2 of 2