rpm package
suse/kgraft-patch-SLE12_Update_21&distro=SUSE Linux Enterprise Server 12-LTSS
pkg:rpm/suse/kgraft-patch-SLE12_Update_21&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5243 | Med | 5.5 | < 1-2.1 | 1-2.1 | Jun 27, 2016 | The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | |
| CVE-2016-2117 | Hig | 7.5 | < 1-2.1 | 1-2.1 | May 2, 2016 | The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. | |
| CVE-2015-1350 | Med | 5.5 | < 1-2.1 | 1-2.1 | May 2, 2016 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system |
- affected < 1-2.1fixed 1-2.1
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
- affected < 1-2.1fixed 1-2.1
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.
- affected < 1-2.1fixed 1-2.1
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system
Page 3 of 3