VYPR

rpm package

suse/kgraft-patch-SLE12_Update_19&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/kgraft-patch-SLE12_Update_19&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (50)

  • CVE-2016-6327MedOct 16, 2016
    affected < 1-2.1fixed 1-2.1

    drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.

  • CVE-2015-8956MedOct 10, 2016
    affected < 1-2.1fixed 1-2.1

    The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.

  • CVE-2016-6480MedAug 6, 2016
    affected < 1-2.1fixed 1-2.1

    Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

  • CVE-2016-5696MedAug 6, 2016
    affected < 1-2.1fixed 1-2.1

    net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

  • CVE-2016-6130MedJul 3, 2016
    affected < 1-2.1fixed 1-2.1

    Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

  • CVE-2016-4997HigJul 3, 2016
    affected < 1-2.1fixed 1-2.1

    The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c

  • CVE-2016-5829HigJun 27, 2016
    affected < 1-2.1fixed 1-2.1

    Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES i

  • CVE-2016-5828HigJun 27, 2016
    affected < 1-2.1fixed 1-2.1

    The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly

  • CVE-2016-4470MedJun 27, 2016
    affected < 1-2.1fixed 1-2.1

    The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

  • CVE-2014-9904HigJun 27, 2016
    affected < 1-2.1fixed 1-2.1

    The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.17 does not properly check for an integer overflow, which allows local users to cause a denial of service (insufficient memory allocation) or possibly have un

Page 3 of 3