rpm package

suse/kgraft-patch-SLE12_Update_9&distro=SUSE Linux Enterprise Server 12-LTSS

pkg:rpm/suse/kgraft-patch-SLE12_Update_9&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Vulnerabilities (14)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2016-8655	Hig	7.8		< 7-2.1	7-2.1	Dec 8, 2016	Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555	Cri	9.8		< 7-2.1	7-2.1	Nov 28, 2016	The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-5195	Hig	7.0	KEV	< 6-5.1	6-5.1	Nov 10, 2016	Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVE-2016-7117	Cri	9.8		< 7-2.1	7-2.1	Oct 10, 2016	Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-4997	Hig	7.8		< 6-5.1	6-5.1	Jul 3, 2016	The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-4470	Med	5.5		< 5-2.2	5-2.2	Jun 27, 2016	The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-1583	Hig	7.8		< 5-2.2	5-2.2	Jun 27, 2016	The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-0758	Hig	7.8		< 5-2.2	5-2.2	Jun 27, 2016	Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4565	Hig	7.8		< 5-2.2	5-2.2	May 23, 2016	The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-2053	Med	4.7		< 5-2.2	5-2.2	May 2, 2016	The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/pub
CVE-2015-8019	Hig	7.8		< 5-2.2	5-2.2	May 2, 2016	The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system c
CVE-2016-3134	Hig	8.4		< 5-2.2	5-2.2	Apr 27, 2016	The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2015-8816	Med	6.8		< 5-2.2	5-2.2	Apr 27, 2016	The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2013-7446	Med	5.3		< 5-2.2	5-2.2	Dec 28, 2015	Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

CVE-2016-8655HigDec 8, 2016
affected < 7-2.1fixed 7-2.1
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockop
CVE-2016-9555CriNov 28, 2016
affected < 7-2.1fixed 7-2.1
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP
CVE-2016-5195HigKEVNov 10, 2016
affected < 6-5.1fixed 6-5.1
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVE-2016-7117CriOct 10, 2016
affected < 7-2.1fixed 7-2.1
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-4997HigJul 3, 2016
affected < 6-5.1fixed 6-5.1
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a c
CVE-2016-4470MedJun 27, 2016
affected < 5-2.2fixed 5-2.2
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2016-1583HigJun 27, 2016
affected < 5-2.2fixed 5-2.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefau
CVE-2016-0758HigJun 27, 2016
affected < 5-2.2fixed 5-2.2
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-4565HigMay 23, 2016
affected < 5-2.2fixed 5-2.2
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-2053MedMay 2, 2016
affected < 5-2.2fixed 5-2.2
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/pub
CVE-2015-8019HigMay 2, 2016
affected < 5-2.2fixed 5-2.2
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system c
CVE-2016-3134HigApr 27, 2016
affected < 5-2.2fixed 5-2.2
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2015-8816MedApr 27, 2016
affected < 5-2.2fixed 5-2.2
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspe
CVE-2013-7446MedDec 28, 2015
affected < 5-2.2fixed 5-2.2
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.