ID CVE-2015-1350
Summary The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.
References
Vulnerable Configurations
  • Linux Kernel 3.19.7
    cpe:2.3:o:linux:linux_kernel:3.19.7
  • Linux Kernel 3.19.6
    cpe:2.3:o:linux:linux_kernel:3.19.6
  • Linux Kernel 3.19.4
    cpe:2.3:o:linux:linux_kernel:3.19.4
  • Linux Kernel 3.19.3
    cpe:2.3:o:linux:linux_kernel:3.19.3
  • Linux Kernel 3.18.32
    cpe:2.3:o:linux:linux_kernel:3.18.32
  • Linux Kernel 3.18.31
    cpe:2.3:o:linux:linux_kernel:3.18.31
  • Linux Kernel 3.18.30
    cpe:2.3:o:linux:linux_kernel:3.18.30
  • Linux Kernel 3.18.29
    cpe:2.3:o:linux:linux_kernel:3.18.29
  • Linux Kernel 3.18.28
    cpe:2.3:o:linux:linux_kernel:3.18.28
  • Linux Kernel 3.18.27
    cpe:2.3:o:linux:linux_kernel:3.18.27
  • Linux Kernel 3.18.26
    cpe:2.3:o:linux:linux_kernel:3.18.26
  • Linux Kernel 3.18.25
    cpe:2.3:o:linux:linux_kernel:3.18.25
  • Linux Kernel 3.18.24
    cpe:2.3:o:linux:linux_kernel:3.18.24
  • Linux Kernel 3.18.23
    cpe:2.3:o:linux:linux_kernel:3.18.23
  • Linux Kernel 3.18.22
    cpe:2.3:o:linux:linux_kernel:3.18.22
  • Linux Kernel 3.18.21
    cpe:2.3:o:linux:linux_kernel:3.18.21
  • Linux Kernel 3.18.20
    cpe:2.3:o:linux:linux_kernel:3.18.20
  • Linux Kernel 3.18.19
    cpe:2.3:o:linux:linux_kernel:3.18.19
  • Linux Kernel 3.18.18
    cpe:2.3:o:linux:linux_kernel:3.18.18
  • Linux Kernel 3.18.17
    cpe:2.3:o:linux:linux_kernel:3.18.17
  • Linux Kernel 3.18.16
    cpe:2.3:o:linux:linux_kernel:3.18.16
  • Linux Kernel 3.18.15
    cpe:2.3:o:linux:linux_kernel:3.18.15
  • Linux Kernel 3.18.14
    cpe:2.3:o:linux:linux_kernel:3.18.14
  • Linux Kernel 3.18.13
    cpe:2.3:o:linux:linux_kernel:3.18.13
  • Linux Kernel 3.18.12
    cpe:2.3:o:linux:linux_kernel:3.18.12
  • Linux Kernel 3.18.11
    cpe:2.3:o:linux:linux_kernel:3.18.11
  • Linux Kernel 3.18.10
    cpe:2.3:o:linux:linux_kernel:3.18.10
  • cpe:2.3:o:linux:linux_kernel:3.18.9
    cpe:2.3:o:linux:linux_kernel:3.18.9
  • Linux Kernel 3.18.6
    cpe:2.3:o:linux:linux_kernel:3.18.6
  • Linux Kernel 3.18.5
    cpe:2.3:o:linux:linux_kernel:3.18.5
  • Linux Kernel 3.17.7
    cpe:2.3:o:linux:linux_kernel:3.17.7
  • Linux Kernel 3.17.6
    cpe:2.3:o:linux:linux_kernel:3.17.6
  • Linux Kernel 3.17.5
    cpe:2.3:o:linux:linux_kernel:3.17.5
  • cpe:2.3:o:linux:linux_kernel:3.17.4
    cpe:2.3:o:linux:linux_kernel:3.17.4
  • cpe:2.3:o:linux:linux_kernel:3.17.3
    cpe:2.3:o:linux:linux_kernel:3.17.3
  • cpe:2.3:o:linux:linux_kernel:3.17.2
    cpe:2.3:o:linux:linux_kernel:3.17.2
  • cpe:2.3:o:linux:linux_kernel:3.17.1
    cpe:2.3:o:linux:linux_kernel:3.17.1
  • Linux Kernel 3.16.7
    cpe:2.3:o:linux:linux_kernel:3.16.7
  • Linux Kernel 3.16.6
    cpe:2.3:o:linux:linux_kernel:3.16.6
  • Linux Kernel 3.16.5
    cpe:2.3:o:linux:linux_kernel:3.16.5
  • Linux Kernel 3.16.4
    cpe:2.3:o:linux:linux_kernel:3.16.4
  • cpe:2.3:o:linux:linux_kernel:3.16.3
    cpe:2.3:o:linux:linux_kernel:3.16.3
  • cpe:2.3:o:linux:linux_kernel:3.16.2
    cpe:2.3:o:linux:linux_kernel:3.16.2
  • Linux Kernel 3.14.68
    cpe:2.3:o:linux:linux_kernel:3.14.68
  • Linux Kernel 3.14.67
    cpe:2.3:o:linux:linux_kernel:3.14.67
  • Linux Kernel 3.14.66
    cpe:2.3:o:linux:linux_kernel:3.14.66
  • Linux Kernel 3.14.65
    cpe:2.3:o:linux:linux_kernel:3.14.65
  • Linux Kernel 3.14.64
    cpe:2.3:o:linux:linux_kernel:3.14.64
  • Linux Kernel 3.14.63
    cpe:2.3:o:linux:linux_kernel:3.14.63
  • Linux Kernel 3.14.62
    cpe:2.3:o:linux:linux_kernel:3.14.62
  • Linux Kernel 3.14.61
    cpe:2.3:o:linux:linux_kernel:3.14.61
  • Linux Kernel 3.14.60
    cpe:2.3:o:linux:linux_kernel:3.14.60
  • Linux Kernel 3.14.59
    cpe:2.3:o:linux:linux_kernel:3.14.59
  • Linux Kernel 3.14.58
    cpe:2.3:o:linux:linux_kernel:3.14.58
  • Linux Kernel 3.14.57
    cpe:2.3:o:linux:linux_kernel:3.14.57
  • Linux Kernel 3.14.56
    cpe:2.3:o:linux:linux_kernel:3.14.56
  • Linux Kernel 3.14.55
    cpe:2.3:o:linux:linux_kernel:3.14.55
  • Linux Kernel 3.14.54
    cpe:2.3:o:linux:linux_kernel:3.14.54
  • Linux Kernel 3.14.53
    cpe:2.3:o:linux:linux_kernel:3.14.53
  • Linux Kernel 3.14.52
    cpe:2.3:o:linux:linux_kernel:3.14.52
  • Linux Kernel 3.14.51
    cpe:2.3:o:linux:linux_kernel:3.14.51
  • Linux Kernel 3.14.50
    cpe:2.3:o:linux:linux_kernel:3.14.50
  • Linux Kernel 3.14.49
    cpe:2.3:o:linux:linux_kernel:3.14.49
  • Linux Kernel 3.14.48
    cpe:2.3:o:linux:linux_kernel:3.14.48
  • Linux Kernel 3.14.47
    cpe:2.3:o:linux:linux_kernel:3.14.47
  • Linux Kernel 3.14.46
    cpe:2.3:o:linux:linux_kernel:3.14.46
  • Linux Kernel 3.14.45
    cpe:2.3:o:linux:linux_kernel:3.14.45
  • Linux Kernel 3.14.44
    cpe:2.3:o:linux:linux_kernel:3.14.44
  • Linux Kernel 3.14.43
    cpe:2.3:o:linux:linux_kernel:3.14.43
  • Linux Kernel 3.14.42
    cpe:2.3:o:linux:linux_kernel:3.14.42
  • Linux Kernel 3.14.41
    cpe:2.3:o:linux:linux_kernel:3.14.41
  • Linux Kernel 3.14.40
    cpe:2.3:o:linux:linux_kernel:3.14.40
  • Linux Kernel 3.14.39
    cpe:2.3:o:linux:linux_kernel:3.14.39
  • Linux Kernel 3.14.38
    cpe:2.3:o:linux:linux_kernel:3.14.38
  • Linux Kernel 3.14.37
    cpe:2.3:o:linux:linux_kernel:3.14.37
  • Linux Kernel 3.14.36
    cpe:2.3:o:linux:linux_kernel:3.14.36
  • Linux Kernel 3.14.35
    cpe:2.3:o:linux:linux_kernel:3.14.35
  • Linux Kernel 3.14.34
    cpe:2.3:o:linux:linux_kernel:3.14.34
  • Linux Kernel 3.14.33
    cpe:2.3:o:linux:linux_kernel:3.14.33
  • Linux Kernel 3.14.32
    cpe:2.3:o:linux:linux_kernel:3.14.32
  • Linux Kernel 3.14.31
    cpe:2.3:o:linux:linux_kernel:3.14.31
  • Linux Kernel 3.14.30
    cpe:2.3:o:linux:linux_kernel:3.14.30
  • Linux Kernel 3.14.29
    cpe:2.3:o:linux:linux_kernel:3.14.29
  • Linux Kernel 3.14.28
    cpe:2.3:o:linux:linux_kernel:3.14.28
  • Linux Kernel 3.14.27
    cpe:2.3:o:linux:linux_kernel:3.14.27
  • Linux Kernel 3.14.26
    cpe:2.3:o:linux:linux_kernel:3.14.26
  • Linux Kernel 3.14.25
    cpe:2.3:o:linux:linux_kernel:3.14.25
  • Linux Kernel 3.14.24
    cpe:2.3:o:linux:linux_kernel:3.14.24
  • Linux Kernel 3.14.23
    cpe:2.3:o:linux:linux_kernel:3.14.23
  • Linux Kernel 3.14.22
    cpe:2.3:o:linux:linux_kernel:3.14.22
  • Linux Kernel 3.14.21
    cpe:2.3:o:linux:linux_kernel:3.14.21
  • Linux Kernel 3.14.20
    cpe:2.3:o:linux:linux_kernel:3.14.20
  • Linux Kernel 3.14.19
    cpe:2.3:o:linux:linux_kernel:3.14.19
  • Linux Kernel 3.14.18
    cpe:2.3:o:linux:linux_kernel:3.14.18
  • Linux Kernel 3.14.17
    cpe:2.3:o:linux:linux_kernel:3.14.17
  • Linux Kernel 3.14.16
    cpe:2.3:o:linux:linux_kernel:3.14.16
  • Linux Kernel 3.14.15
    cpe:2.3:o:linux:linux_kernel:3.14.15
  • Linux Kernel 3.14.14
    cpe:2.3:o:linux:linux_kernel:3.14.14
  • Linux Kernel 3.14.13
    cpe:2.3:o:linux:linux_kernel:3.14.13
  • Linux Kernel 3.14.12
    cpe:2.3:o:linux:linux_kernel:3.14.12
  • Linux Kernel 3.14.11
    cpe:2.3:o:linux:linux_kernel:3.14.11
  • Linux Kernel 3.14.10
    cpe:2.3:o:linux:linux_kernel:3.14.10
  • Linux Kernel 3.14.8
    cpe:2.3:o:linux:linux_kernel:3.14.8
  • cpe:2.3:o:linux:linux_kernel:3.14.7
    cpe:2.3:o:linux:linux_kernel:3.14.7
  • cpe:2.3:o:linux:linux_kernel:3.14.6
    cpe:2.3:o:linux:linux_kernel:3.14.6
  • Linux Kernel 3.12.59
    cpe:2.3:o:linux:linux_kernel:3.12.59
  • Linux Kernel 3.12.58
    cpe:2.3:o:linux:linux_kernel:3.12.58
  • Linux Kernel 3.12.57
    cpe:2.3:o:linux:linux_kernel:3.12.57
  • Linux Kernel 3.12.56
    cpe:2.3:o:linux:linux_kernel:3.12.56
  • Linux Kernel 3.12.55
    cpe:2.3:o:linux:linux_kernel:3.12.55
  • Linux Kernel 3.12.54
    cpe:2.3:o:linux:linux_kernel:3.12.54
  • Linux Kernel 3.12.53
    cpe:2.3:o:linux:linux_kernel:3.12.53
  • Linux Kernel 3.12.52
    cpe:2.3:o:linux:linux_kernel:3.12.52
  • Linux Kernel 3.12.51
    cpe:2.3:o:linux:linux_kernel:3.12.51
  • Linux Kernel 3.12.50
    cpe:2.3:o:linux:linux_kernel:3.12.50
  • Linux Kernel 3.12.49
    cpe:2.3:o:linux:linux_kernel:3.12.49
  • Linux Kernel 3.12.48
    cpe:2.3:o:linux:linux_kernel:3.12.48
  • Linux Kernel 3.12.47
    cpe:2.3:o:linux:linux_kernel:3.12.47
  • Linux Kernel 3.12.46
    cpe:2.3:o:linux:linux_kernel:3.12.46
  • Linux Kernel 3.12.45
    cpe:2.3:o:linux:linux_kernel:3.12.45
  • Linux Kernel 3.12.44
    cpe:2.3:o:linux:linux_kernel:3.12.44
  • Linux Kernel 3.12.43
    cpe:2.3:o:linux:linux_kernel:3.12.43
  • Linux Kernel 3.12.42
    cpe:2.3:o:linux:linux_kernel:3.12.42
  • Linux Kernel 3.12.41
    cpe:2.3:o:linux:linux_kernel:3.12.41
  • Linux Kernel 3.12.40
    cpe:2.3:o:linux:linux_kernel:3.12.40
  • Linux Kernel 3.12.39
    cpe:2.3:o:linux:linux_kernel:3.12.39
  • Linux Kernel 3.12.38
    cpe:2.3:o:linux:linux_kernel:3.12.38
  • Linux Kernel 3.12.37
    cpe:2.3:o:linux:linux_kernel:3.12.37
  • Linux Kernel 3.12.36
    cpe:2.3:o:linux:linux_kernel:3.12.36
  • Linux Kernel 3.12.35
    cpe:2.3:o:linux:linux_kernel:3.12.35
  • Linux Kernel 3.12.34
    cpe:2.3:o:linux:linux_kernel:3.12.34
  • Linux Kernel 3.12.33
    cpe:2.3:o:linux:linux_kernel:3.12.33
  • Linux Kernel 3.12.32
    cpe:2.3:o:linux:linux_kernel:3.12.32
  • Linux Kernel 3.12.31
    cpe:2.3:o:linux:linux_kernel:3.12.31
  • Linux Kernel 3.12.30
    cpe:2.3:o:linux:linux_kernel:3.12.30
  • Linux Kernel 3.12.29
    cpe:2.3:o:linux:linux_kernel:3.12.29
  • Linux Kernel 3.12.28
    cpe:2.3:o:linux:linux_kernel:3.12.28
  • Linux Kernel 3.12.27
    cpe:2.3:o:linux:linux_kernel:3.12.27
  • Linux Kernel 3.12.26
    cpe:2.3:o:linux:linux_kernel:3.12.26
  • Linux Kernel 3.12.25
    cpe:2.3:o:linux:linux_kernel:3.12.25
  • Linux Kernel 3.12.24
    cpe:2.3:o:linux:linux_kernel:3.12.24
  • Linux Kernel 3.12.23
    cpe:2.3:o:linux:linux_kernel:3.12.23
  • Linux Kernel 3.12.22
    cpe:2.3:o:linux:linux_kernel:3.12.22
  • Linux Kernel 3.12.21
    cpe:2.3:o:linux:linux_kernel:3.12.21
  • Linux Kernel 3.12.20
    cpe:2.3:o:linux:linux_kernel:3.12.20
  • Linux Kernel 3.12.19
    cpe:2.3:o:linux:linux_kernel:3.12.19
  • Linux Kernel 3.12.18
    cpe:2.3:o:linux:linux_kernel:3.12.18
  • Linux Kernel 3.10.101
    cpe:2.3:o:linux:linux_kernel:3.10.101
  • Linux Kernel 3.10.100
    cpe:2.3:o:linux:linux_kernel:3.10.100
  • Linux Kernel 3.10.99
    cpe:2.3:o:linux:linux_kernel:3.10.99
  • Linux Kernel 3.10.98
    cpe:2.3:o:linux:linux_kernel:3.10.98
  • Linux Kernel 3.10.97
    cpe:2.3:o:linux:linux_kernel:3.10.97
  • Linux Kernel 3.10.96
    cpe:2.3:o:linux:linux_kernel:3.10.96
  • Linux Kernel 3.10.95
    cpe:2.3:o:linux:linux_kernel:3.10.95
  • Linux Kernel 3.10.94
    cpe:2.3:o:linux:linux_kernel:3.10.94
  • Linux Kernel 3.10.93
    cpe:2.3:o:linux:linux_kernel:3.10.93
  • Linux Kernel 3.10.92
    cpe:2.3:o:linux:linux_kernel:3.10.92
  • Linux Kernel 3.10.91
    cpe:2.3:o:linux:linux_kernel:3.10.91
  • Linux Kernel 3.10.90
    cpe:2.3:o:linux:linux_kernel:3.10.90
  • Linux Kernel 3.10.89
    cpe:2.3:o:linux:linux_kernel:3.10.89
  • Linux Kernel 3.10.88
    cpe:2.3:o:linux:linux_kernel:3.10.88
  • Linux Kernel 3.10.87
    cpe:2.3:o:linux:linux_kernel:3.10.87
  • Linux Kernel 3.10.86
    cpe:2.3:o:linux:linux_kernel:3.10.86
  • Linux Kernel 3.10.85
    cpe:2.3:o:linux:linux_kernel:3.10.85
  • Linux Kernel 3.10.84
    cpe:2.3:o:linux:linux_kernel:3.10.84
  • Linux Kernel 3.10.83
    cpe:2.3:o:linux:linux_kernel:3.10.83
  • Linux Kernel 3.10.82
    cpe:2.3:o:linux:linux_kernel:3.10.82
  • Linux Kernel 3.10.81
    cpe:2.3:o:linux:linux_kernel:3.10.81
  • Linux Kernel 3.10.80
    cpe:2.3:o:linux:linux_kernel:3.10.80
  • Linux Kernel 3.10.79
    cpe:2.3:o:linux:linux_kernel:3.10.79
  • Linux Kernel 3.10.78
    cpe:2.3:o:linux:linux_kernel:3.10.78
  • Linux Kernel 3.10.77
    cpe:2.3:o:linux:linux_kernel:3.10.77
  • Linux Kernel 3.10.76
    cpe:2.3:o:linux:linux_kernel:3.10.76
  • Linux Kernel 3.10.75
    cpe:2.3:o:linux:linux_kernel:3.10.75
  • Linux Kernel 3.10.74
    cpe:2.3:o:linux:linux_kernel:3.10.74
  • Linux Kernel 3.10.73
    cpe:2.3:o:linux:linux_kernel:3.10.73
  • Linux Kernel 3.10.72
    cpe:2.3:o:linux:linux_kernel:3.10.72
  • Linux Kernel 3.10.71
    cpe:2.3:o:linux:linux_kernel:3.10.71
  • Linux Kernel 3.10.70
    cpe:2.3:o:linux:linux_kernel:3.10.70
  • Linux Kernel 3.10.69
    cpe:2.3:o:linux:linux_kernel:3.10.69
  • Linux Kernel 3.10.68
    cpe:2.3:o:linux:linux_kernel:3.10.68
  • Linux Kernel 3.10.67
    cpe:2.3:o:linux:linux_kernel:3.10.67
  • Linux Kernel 3.10.66
    cpe:2.3:o:linux:linux_kernel:3.10.66
  • Linux Kernel 3.10.65
    cpe:2.3:o:linux:linux_kernel:3.10.65
  • Linux Kernel 3.10.64
    cpe:2.3:o:linux:linux_kernel:3.10.64
  • Linux Kernel 3.10.63
    cpe:2.3:o:linux:linux_kernel:3.10.63
  • Linux Kernel 3.10.62
    cpe:2.3:o:linux:linux_kernel:3.10.62
  • Linux Kernel 3.10.61
    cpe:2.3:o:linux:linux_kernel:3.10.61
  • Linux Kernel 3.10.60
    cpe:2.3:o:linux:linux_kernel:3.10.60
  • Linux Kernel 3.10.59
    cpe:2.3:o:linux:linux_kernel:3.10.59
  • Linux Kernel 3.10.58
    cpe:2.3:o:linux:linux_kernel:3.10.58
  • Linux Kernel 3.10.57
    cpe:2.3:o:linux:linux_kernel:3.10.57
  • Linux Kernel 3.10.56
    cpe:2.3:o:linux:linux_kernel:3.10.56
  • Linux Kernel 3.10.55
    cpe:2.3:o:linux:linux_kernel:3.10.55
  • Linux Kernel 3.10.54
    cpe:2.3:o:linux:linux_kernel:3.10.54
  • Linux Kernel 3.10.53
    cpe:2.3:o:linux:linux_kernel:3.10.53
  • Linux Kernel 3.10.52
    cpe:2.3:o:linux:linux_kernel:3.10.52
  • Linux Kernel 3.10.51
    cpe:2.3:o:linux:linux_kernel:3.10.51
  • Linux Kernel 3.10.50
    cpe:2.3:o:linux:linux_kernel:3.10.50
  • Linux Kernel 3.10.49
    cpe:2.3:o:linux:linux_kernel:3.10.49
  • Linux Kernel 3.10.48
    cpe:2.3:o:linux:linux_kernel:3.10.48
  • Linux Kernel 3.10.47
    cpe:2.3:o:linux:linux_kernel:3.10.47
  • Linux Kernel 3.10.46
    cpe:2.3:o:linux:linux_kernel:3.10.46
  • Linux Kernel 3.10.45
    cpe:2.3:o:linux:linux_kernel:3.10.45
  • Linux Kernel 3.10.44
    cpe:2.3:o:linux:linux_kernel:3.10.44
  • Linux Kernel 3.10.43
    cpe:2.3:o:linux:linux_kernel:3.10.43
  • Linux Kernel 3.10.42
    cpe:2.3:o:linux:linux_kernel:3.10.42
  • Linux Kernel 3.10.41
    cpe:2.3:o:linux:linux_kernel:3.10.41
  • Linux Kernel 3.10.40
    cpe:2.3:o:linux:linux_kernel:3.10.40
  • Linux Kernel 3.10.39
    cpe:2.3:o:linux:linux_kernel:3.10.39
  • Linux Kernel 3.10.38
    cpe:2.3:o:linux:linux_kernel:3.10.38
  • Linux Kernel 3.10.37
    cpe:2.3:o:linux:linux_kernel:3.10.37
  • Linux Kernel 3.10.36
    cpe:2.3:o:linux:linux_kernel:3.10.36
  • Linux Kernel 3.10.35
    cpe:2.3:o:linux:linux_kernel:3.10.35
  • Linux Kernel 3.10.34
    cpe:2.3:o:linux:linux_kernel:3.10.34
  • Linux Kernel 3.10.33
    cpe:2.3:o:linux:linux_kernel:3.10.33
  • Linux Kernel 3.10.32
    cpe:2.3:o:linux:linux_kernel:3.10.32
  • Linux Kernel 3.10.31
    cpe:2.3:o:linux:linux_kernel:3.10.31
  • Linux Kernel 3.10.30
    cpe:2.3:o:linux:linux_kernel:3.10.30
  • Linux Kernel 3.4.112
    cpe:2.3:o:linux:linux_kernel:3.4.112
  • Linux Kernel 3.4.111
    cpe:2.3:o:linux:linux_kernel:3.4.111
  • Linux Kernel 3.4.110
    cpe:2.3:o:linux:linux_kernel:3.4.110
  • Linux Kernel 3.4.109
    cpe:2.3:o:linux:linux_kernel:3.4.109
  • Linux Kernel 3.4.108
    cpe:2.3:o:linux:linux_kernel:3.4.108
  • Linux Kernel 3.4.107
    cpe:2.3:o:linux:linux_kernel:3.4.107
  • Linux Kernel 3.4.106
    cpe:2.3:o:linux:linux_kernel:3.4.106
  • Linux Kernel 3.4.105
    cpe:2.3:o:linux:linux_kernel:3.4.105
  • Linux Kernel 3.4.104
    cpe:2.3:o:linux:linux_kernel:3.4.104
  • Linux Kernel 3.4.103
    cpe:2.3:o:linux:linux_kernel:3.4.103
  • Linux Kernel 3.4.102
    cpe:2.3:o:linux:linux_kernel:3.4.102
  • Linux Kernel 3.4.101
    cpe:2.3:o:linux:linux_kernel:3.4.101
  • Linux Kernel 3.4.100
    cpe:2.3:o:linux:linux_kernel:3.4.100
  • Linux Kernel 3.4.99
    cpe:2.3:o:linux:linux_kernel:3.4.99
  • Linux Kernel 3.4.98
    cpe:2.3:o:linux:linux_kernel:3.4.98
  • Linux Kernel 3.4.97
    cpe:2.3:o:linux:linux_kernel:3.4.97
  • Linux Kernel 3.4.96
    cpe:2.3:o:linux:linux_kernel:3.4.96
  • Linux Kernel 3.4.95
    cpe:2.3:o:linux:linux_kernel:3.4.95
  • Linux Kernel 3.4.94
    cpe:2.3:o:linux:linux_kernel:3.4.94
  • Linux Kernel 3.4.93
    cpe:2.3:o:linux:linux_kernel:3.4.93
  • Linux Kernel 3.4.92
    cpe:2.3:o:linux:linux_kernel:3.4.92
  • Linux Kernel 3.4.91
    cpe:2.3:o:linux:linux_kernel:3.4.91
  • Linux Kernel 3.4.90
    cpe:2.3:o:linux:linux_kernel:3.4.90
  • Linux Kernel 3.4.89
    cpe:2.3:o:linux:linux_kernel:3.4.89
  • Linux Kernel 3.4.88
    cpe:2.3:o:linux:linux_kernel:3.4.88
  • Linux Kernel 3.4.87
    cpe:2.3:o:linux:linux_kernel:3.4.87
  • Linux Kernel 3.4.86
    cpe:2.3:o:linux:linux_kernel:3.4.86
  • Linux Kernel 3.4.85
    cpe:2.3:o:linux:linux_kernel:3.4.85
  • Linux Kernel 3.4.84
    cpe:2.3:o:linux:linux_kernel:3.4.84
  • Linux Kernel 3.4.83
    cpe:2.3:o:linux:linux_kernel:3.4.83
  • Linux Kernel 3.4.82
    cpe:2.3:o:linux:linux_kernel:3.4.82
  • Linux Kernel 3.4.81
    cpe:2.3:o:linux:linux_kernel:3.4.81
  • Linux Kernel 3.4.80
    cpe:2.3:o:linux:linux_kernel:3.4.80
  • Linux Kernel 3.2.80
    cpe:2.3:o:linux:linux_kernel:3.2.80
  • Linux Kernel 3.2.79
    cpe:2.3:o:linux:linux_kernel:3.2.79
  • Linux Kernel 3.2.78
    cpe:2.3:o:linux:linux_kernel:3.2.78
  • Linux Kernel 3.2.77
    cpe:2.3:o:linux:linux_kernel:3.2.77
  • Linux Kernel 3.2.76
    cpe:2.3:o:linux:linux_kernel:3.2.76
  • Linux Kernel 3.2.75
    cpe:2.3:o:linux:linux_kernel:3.2.75
  • Linux Kernel 3.2.74
    cpe:2.3:o:linux:linux_kernel:3.2.74
  • Linux Kernel 3.2.73
    cpe:2.3:o:linux:linux_kernel:3.2.73
  • Linux Kernel 3.2.72
    cpe:2.3:o:linux:linux_kernel:3.2.72
  • Linux Kernel 3.2.71
    cpe:2.3:o:linux:linux_kernel:3.2.71
  • Linux Kernel 3.2.70
    cpe:2.3:o:linux:linux_kernel:3.2.70
  • Linux Kernel 3.2.69
    cpe:2.3:o:linux:linux_kernel:3.2.69
  • Linux Kernel 3.2.68
    cpe:2.3:o:linux:linux_kernel:3.2.68
  • Linux Kernel 3.2.67
    cpe:2.3:o:linux:linux_kernel:3.2.67
  • Linux Kernel 3.2.66
    cpe:2.3:o:linux:linux_kernel:3.2.66
  • Linux Kernel 3.2.65
    cpe:2.3:o:linux:linux_kernel:3.2.65
  • Linux Kernel 3.2.64
    cpe:2.3:o:linux:linux_kernel:3.2.64
  • cpe:2.3:o:linux:linux_kernel:3.2.63
    cpe:2.3:o:linux:linux_kernel:3.2.63
  • cpe:2.3:o:linux:linux_kernel:3.2.62
    cpe:2.3:o:linux:linux_kernel:3.2.62
  • cpe:2.3:o:linux:linux_kernel:3.2.61
    cpe:2.3:o:linux:linux_kernel:3.2.61
  • cpe:2.3:o:linux:linux_kernel:3.2.60
    cpe:2.3:o:linux:linux_kernel:3.2.60
  • cpe:2.3:o:linux:linux_kernel:3.2.59
    cpe:2.3:o:linux:linux_kernel:3.2.59
  • cpe:2.3:o:linux:linux_kernel:3.2.58
    cpe:2.3:o:linux:linux_kernel:3.2.58
  • cpe:2.3:o:linux:linux_kernel:3.2.57
    cpe:2.3:o:linux:linux_kernel:3.2.57
  • cpe:2.3:o:linux:linux_kernel:3.2.56
    cpe:2.3:o:linux:linux_kernel:3.2.56
  • cpe:2.3:o:linux:linux_kernel:3.2.55
    cpe:2.3:o:linux:linux_kernel:3.2.55
  • cpe:2.3:o:linux:linux_kernel:3.2.54
    cpe:2.3:o:linux:linux_kernel:3.2.54
  • cpe:2.3:o:linux:linux_kernel:3.2.53
    cpe:2.3:o:linux:linux_kernel:3.2.53
  • cpe:2.3:o:linux:linux_kernel:3.2.52
    cpe:2.3:o:linux:linux_kernel:3.2.52
  • cpe:2.3:o:linux:linux_kernel:3.2.51
    cpe:2.3:o:linux:linux_kernel:3.2.51
  • cpe:2.3:o:linux:linux_kernel:3.2.50
    cpe:2.3:o:linux:linux_kernel:3.2.50
  • cpe:2.3:o:linux:linux_kernel:3.2.49
    cpe:2.3:o:linux:linux_kernel:3.2.49
  • cpe:2.3:o:linux:linux_kernel:3.2.48
    cpe:2.3:o:linux:linux_kernel:3.2.48
  • cpe:2.3:o:linux:linux_kernel:3.2.47
    cpe:2.3:o:linux:linux_kernel:3.2.47
  • cpe:2.3:o:linux:linux_kernel:3.2.46
    cpe:2.3:o:linux:linux_kernel:3.2.46
  • cpe:2.3:o:linux:linux_kernel:3.2.45
    cpe:2.3:o:linux:linux_kernel:3.2.45
  • cpe:2.3:o:linux:linux_kernel:3.2.44
    cpe:2.3:o:linux:linux_kernel:3.2.44
  • cpe:2.3:o:linux:linux_kernel:3.2.43
    cpe:2.3:o:linux:linux_kernel:3.2.43
  • cpe:2.3:o:linux:linux_kernel:3.2.42
    cpe:2.3:o:linux:linux_kernel:3.2.42
  • cpe:2.3:o:linux:linux_kernel:3.2.41
    cpe:2.3:o:linux:linux_kernel:3.2.41
  • cpe:2.3:o:linux:linux_kernel:3.2.40
    cpe:2.3:o:linux:linux_kernel:3.2.40
  • cpe:2.3:o:linux:linux_kernel:3.2.39
    cpe:2.3:o:linux:linux_kernel:3.2.39
  • cpe:2.3:o:linux:linux_kernel:3.2.38
    cpe:2.3:o:linux:linux_kernel:3.2.38
  • cpe:2.3:o:linux:linux_kernel:3.2.37
    cpe:2.3:o:linux:linux_kernel:3.2.37
  • cpe:2.3:o:linux:linux_kernel:3.2.36
    cpe:2.3:o:linux:linux_kernel:3.2.36
  • cpe:2.3:o:linux:linux_kernel:3.2.35
    cpe:2.3:o:linux:linux_kernel:3.2.35
  • cpe:2.3:o:linux:linux_kernel:3.2.34
    cpe:2.3:o:linux:linux_kernel:3.2.34
  • cpe:2.3:o:linux:linux_kernel:3.2.33
    cpe:2.3:o:linux:linux_kernel:3.2.33
  • cpe:2.3:o:linux:linux_kernel:3.2.32
    cpe:2.3:o:linux:linux_kernel:3.2.32
  • cpe:2.3:o:linux:linux_kernel:3.2.31
    cpe:2.3:o:linux:linux_kernel:3.2.31
  • Linux Kernel 3.0.101
    cpe:2.3:o:linux:linux_kernel:3.0.101
  • Linux Kernel 3.0.100
    cpe:2.3:o:linux:linux_kernel:3.0.100
  • Linux Kernel 3.0.99
    cpe:2.3:o:linux:linux_kernel:3.0.99
  • Linux Kernel 3.0.98
    cpe:2.3:o:linux:linux_kernel:3.0.98
  • Linux Kernel 3.0.97
    cpe:2.3:o:linux:linux_kernel:3.0.97
  • Linux Kernel 3.0.96
    cpe:2.3:o:linux:linux_kernel:3.0.96
  • Linux Kernel 3.0.95
    cpe:2.3:o:linux:linux_kernel:3.0.95
  • Linux Kernel 3.0.94
    cpe:2.3:o:linux:linux_kernel:3.0.94
  • Linux Kernel 3.0.93
    cpe:2.3:o:linux:linux_kernel:3.0.93
  • Linux Kernel 3.0.92
    cpe:2.3:o:linux:linux_kernel:3.0.92
  • Linux Kernel 3.0.91
    cpe:2.3:o:linux:linux_kernel:3.0.91
  • Linux Kernel 3.0.90
    cpe:2.3:o:linux:linux_kernel:3.0.90
  • Linux Kernel 3.0.89
    cpe:2.3:o:linux:linux_kernel:3.0.89
  • Linux Kernel 3.0.88
    cpe:2.3:o:linux:linux_kernel:3.0.88
  • Linux Kernel 3.0.87
    cpe:2.3:o:linux:linux_kernel:3.0.87
  • Linux Kernel 3.0.86
    cpe:2.3:o:linux:linux_kernel:3.0.86
  • Linux Kernel 3.0.85
    cpe:2.3:o:linux:linux_kernel:3.0.85
  • Linux Kernel 3.0.84
    cpe:2.3:o:linux:linux_kernel:3.0.84
  • Linux Kernel 3.0.83
    cpe:2.3:o:linux:linux_kernel:3.0.83
  • Linux Kernel 3.0.82
    cpe:2.3:o:linux:linux_kernel:3.0.82
  • Linux Kernel 3.0.81
    cpe:2.3:o:linux:linux_kernel:3.0.81
  • Linux Kernel 3.0.80
    cpe:2.3:o:linux:linux_kernel:3.0.80
  • Linux Kernel 3.0.79
    cpe:2.3:o:linux:linux_kernel:3.0.79
  • Linux Kernel 3.0.78
    cpe:2.3:o:linux:linux_kernel:3.0.78
  • Linux Kernel 3.0.77
    cpe:2.3:o:linux:linux_kernel:3.0.77
  • Linux Kernel 3.0.76
    cpe:2.3:o:linux:linux_kernel:3.0.76
  • Linux Kernel 3.0.75
    cpe:2.3:o:linux:linux_kernel:3.0.75
  • Linux Kernel 3.0.74
    cpe:2.3:o:linux:linux_kernel:3.0.74
  • Linux Kernel 3.0.73
    cpe:2.3:o:linux:linux_kernel:3.0.73
  • Linux Kernel 3.0.72
    cpe:2.3:o:linux:linux_kernel:3.0.72
  • Linux Kernel 3.0.71
    cpe:2.3:o:linux:linux_kernel:3.0.71
  • Linux Kernel 3.0.70
    cpe:2.3:o:linux:linux_kernel:3.0.70
  • Linux Kernel 3.0.69
    cpe:2.3:o:linux:linux_kernel:3.0.69
  • Linux Kernel 3.9.9 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.9:-:-:-:-:-:arm64
  • Linux Kernel 3.9.9
    cpe:2.3:o:linux:linux_kernel:3.9.9
  • Linux Kernel 3.9.8 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.8:-:-:-:-:-:arm64
  • Linux Kernel 3.9.8
    cpe:2.3:o:linux:linux_kernel:3.9.8
  • Linux Kernel 3.9.7 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.7:-:-:-:-:-:arm64
  • Linux Kernel 3.9.7
    cpe:2.3:o:linux:linux_kernel:3.9.7
  • Linux Kernel 3.9.6 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.6:-:-:-:-:-:arm64
  • Linux Kernel 3.9.6
    cpe:2.3:o:linux:linux_kernel:3.9.6
  • Linux Kernel 3.9.5 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.5:-:-:-:-:-:arm64
  • Linux Kernel 3.9.5
    cpe:2.3:o:linux:linux_kernel:3.9.5
  • Linux Kernel 3.9.4 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.4:-:-:-:-:-:arm64
  • Linux Kernel 3.9.4
    cpe:2.3:o:linux:linux_kernel:3.9.4
  • Linux Kernel 3.9.3 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.3:-:-:-:-:-:arm64
  • Linux Kernel 3.9.3
    cpe:2.3:o:linux:linux_kernel:3.9.3
  • Linux Kernel 3.9.2 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.2:-:-:-:-:-:arm64
  • Linux Kernel 3.9.2
    cpe:2.3:o:linux:linux_kernel:3.9.2
  • Linux Kernel 3.9.11 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.11:-:-:-:-:-:arm64
  • Linux Kernel 3.9.11
    cpe:2.3:o:linux:linux_kernel:3.9.11
  • Linux Kernel 3.9.10 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.10:-:-:-:-:-:arm64
  • Linux Kernel 3.9.10
    cpe:2.3:o:linux:linux_kernel:3.9.10
  • Linux Kernel 3.9.1 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.1:-:-:-:-:-:arm64
  • Linux Kernel 3.9.1
    cpe:2.3:o:linux:linux_kernel:3.9.1
  • Linux Kernel 3.9.0 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.0:-:-:-:-:-:arm64
  • Linux Kernel 3.9.0
    cpe:2.3:o:linux:linux_kernel:3.9.0
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.79
    cpe:2.3:o:linux:linux_kernel:3.4.79
  • Linux Kernel 3.4.78
    cpe:2.3:o:linux:linux_kernel:3.4.78
  • Linux Kernel 3.4.77
    cpe:2.3:o:linux:linux_kernel:3.4.77
  • Linux Kernel 3.4.76
    cpe:2.3:o:linux:linux_kernel:3.4.76
  • Linux Kernel 3.4.75
    cpe:2.3:o:linux:linux_kernel:3.4.75
  • Linux Kernel 3.4.74
    cpe:2.3:o:linux:linux_kernel:3.4.74
  • Linux Kernel 3.4.73
    cpe:2.3:o:linux:linux_kernel:3.4.73
  • Linux Kernel 3.4.72
    cpe:2.3:o:linux:linux_kernel:3.4.72
  • Linux Kernel 3.4.71
    cpe:2.3:o:linux:linux_kernel:3.4.71
  • Linux Kernel 3.4.70
    cpe:2.3:o:linux:linux_kernel:3.4.70
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.69
    cpe:2.3:o:linux:linux_kernel:3.4.69
  • Linux Kernel 3.4.68
    cpe:2.3:o:linux:linux_kernel:3.4.68
  • Linux Kernel 3.4.67
    cpe:2.3:o:linux:linux_kernel:3.4.67
  • Linux Kernel 3.4.66
    cpe:2.3:o:linux:linux_kernel:3.4.66
  • Linux Kernel 3.4.65
    cpe:2.3:o:linux:linux_kernel:3.4.65
  • Linux Kernel 3.4.64
    cpe:2.3:o:linux:linux_kernel:3.4.64
  • Linux Kernel 3.4.63
    cpe:2.3:o:linux:linux_kernel:3.4.63
  • Linux Kernel 3.4.62
    cpe:2.3:o:linux:linux_kernel:3.4.62
  • Linux Kernel 3.4.61
    cpe:2.3:o:linux:linux_kernel:3.4.61
  • Linux Kernel 3.4.60
    cpe:2.3:o:linux:linux_kernel:3.4.60
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.59
    cpe:2.3:o:linux:linux_kernel:3.4.59
  • Linux Kernel 3.4.58
    cpe:2.3:o:linux:linux_kernel:3.4.58
  • Linux Kernel 3.4.57
    cpe:2.3:o:linux:linux_kernel:3.4.57
  • Linux Kernel 3.4.56
    cpe:2.3:o:linux:linux_kernel:3.4.56
  • Linux Kernel 3.4.55
    cpe:2.3:o:linux:linux_kernel:3.4.55
  • Linux Kernel 3.4.54
    cpe:2.3:o:linux:linux_kernel:3.4.54
  • Linux Kernel 3.4.53
    cpe:2.3:o:linux:linux_kernel:3.4.53
  • Linux Kernel 3.4.52
    cpe:2.3:o:linux:linux_kernel:3.4.52
  • Linux Kernel 3.4.51
    cpe:2.3:o:linux:linux_kernel:3.4.51
  • Linux Kernel 3.4.50
    cpe:2.3:o:linux:linux_kernel:3.4.50
  • Linux Kernel 3.4.5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.5:-:-:-:-:-:x86
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.49
    cpe:2.3:o:linux:linux_kernel:3.4.49
  • Linux Kernel 3.4.48
    cpe:2.3:o:linux:linux_kernel:3.4.48
  • Linux Kernel 3.4.47
    cpe:2.3:o:linux:linux_kernel:3.4.47
  • Linux Kernel 3.4.46
    cpe:2.3:o:linux:linux_kernel:3.4.46
  • Linux Kernel 3.4.45
    cpe:2.3:o:linux:linux_kernel:3.4.45
  • Linux Kernel 3.4.44
    cpe:2.3:o:linux:linux_kernel:3.4.44
  • Linux Kernel 3.4.43
    cpe:2.3:o:linux:linux_kernel:3.4.43
  • Linux Kernel 3.4.42
    cpe:2.3:o:linux:linux_kernel:3.4.42
  • Linux Kernel 3.4.41
    cpe:2.3:o:linux:linux_kernel:3.4.41
  • Linux Kernel 3.4.40
    cpe:2.3:o:linux:linux_kernel:3.4.40
  • Linux Kernel 3.4.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.4:-:-:-:-:-:x86
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.39
    cpe:2.3:o:linux:linux_kernel:3.4.39
  • Linux Kernel 3.4.38
    cpe:2.3:o:linux:linux_kernel:3.4.38
  • Linux Kernel 3.4.37
    cpe:2.3:o:linux:linux_kernel:3.4.37
  • Linux Kernel 3.4.36
    cpe:2.3:o:linux:linux_kernel:3.4.36
  • Linux Kernel 3.4.35
    cpe:2.3:o:linux:linux_kernel:3.4.35
  • Linux Kernel 3.4.34
    cpe:2.3:o:linux:linux_kernel:3.4.34
  • Linux Kernel 3.4.33
    cpe:2.3:o:linux:linux_kernel:3.4.33
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.3:-:-:-:-:-:x86
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.2:-:-:-:-:-:x86
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.1:-:-:-:-:-:x86
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4 release candidate 7 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc7:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4 release candidate 6 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc6:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc5:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc4:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc3:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc2:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc1:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:-:-:-:-:-:x86
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2.1:-:-:-:-:-:x86
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2:-:-:-:-:-:x86
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.19.8
    cpe:2.3:o:linux:linux_kernel:3.19.8
  • Linux Kernel 3.19.5
    cpe:2.3:o:linux:linux_kernel:3.19.5
  • Linux Kernel 3.19.2
    cpe:2.3:o:linux:linux_kernel:3.19.2
  • Linux Kernel 3.19.1
    cpe:2.3:o:linux:linux_kernel:3.19.1
  • Linux Kernel 3.19
    cpe:2.3:o:linux:linux_kernel:3.19
  • Linux Kernel 3.18.8
    cpe:2.3:o:linux:linux_kernel:3.18.8
  • Linux Kernel 3.18.7
    cpe:2.3:o:linux:linux_kernel:3.18.7
  • Linux Kernel 3.18.4
    cpe:2.3:o:linux:linux_kernel:3.18.4
  • Linux Kernel 3.18.3
    cpe:2.3:o:linux:linux_kernel:3.18.3
  • Linux Kernel 3.18.2
    cpe:2.3:o:linux:linux_kernel:3.18.2
  • Linux Kernel 3.18.1
    cpe:2.3:o:linux:linux_kernel:3.18.1
  • Linux Kernel 3.18.0
    cpe:2.3:o:linux:linux_kernel:3.18.0
  • Linux Kernel 3.17.8
    cpe:2.3:o:linux:linux_kernel:3.17.8
  • Linux Kernel 3.17.3 on ARM64
    cpe:2.3:o:linux:linux_kernel:3.17.3:-:-:-:-:-:arm64
  • Linux Kernel 3.16.1
    cpe:2.3:o:linux:linux_kernel:3.16.1
  • Linux Kernel 3.16.0
    cpe:2.3:o:linux:linux_kernel:3.16.0
  • Linux Kernel 3.15.8
    cpe:2.3:o:linux:linux_kernel:3.15.8
  • Linux Kernel 3.15.7
    cpe:2.3:o:linux:linux_kernel:3.15.7
  • Linux Kernel 3.15.6
    cpe:2.3:o:linux:linux_kernel:3.15.6
  • Linux Kernel 3.15.5
    cpe:2.3:o:linux:linux_kernel:3.15.5
  • Linux Kernel 3.15.4
    cpe:2.3:o:linux:linux_kernel:3.15.4
  • Linux Kernel 3.15.3
    cpe:2.3:o:linux:linux_kernel:3.15.3
  • Linux Kernel 3.15.2
    cpe:2.3:o:linux:linux_kernel:3.15.2
  • Linux Kernel 3.15.10
    cpe:2.3:o:linux:linux_kernel:3.15.10
  • Linux Kernel 3.15.1
    cpe:2.3:o:linux:linux_kernel:3.15.1
  • Linux Kernel 3.15
    cpe:2.3:o:linux:linux_kernel:3.15
  • Linux Kernel 3.14.5
    cpe:2.3:o:linux:linux_kernel:3.14.5
  • Linux Kernel 3.14.4
    cpe:2.3:o:linux:linux_kernel:3.14.4
  • Linux Kernel 3.14.3
    cpe:2.3:o:linux:linux_kernel:3.14.3
  • Linux Kernel 3.14.2
    cpe:2.3:o:linux:linux_kernel:3.14.2
  • Linux Kernel 3.14.1
    cpe:2.3:o:linux:linux_kernel:3.14.1
  • Linux Kernel 3.14 release candidate 8
    cpe:2.3:o:linux:linux_kernel:3.14:rc8
  • Linux Kernel 3.14 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.14:rc7
  • Linux Kernel 3.14 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.14:rc6
  • Linux Kernel 3.14 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.14:rc5
  • Linux Kernel 3.14 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.14:rc4
  • Linux Kernel 3.14 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.14:rc3
  • Linux Kernel 3.14 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.14:rc2
  • Linux Kernel 3.14 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.14:rc1
  • Linux Kernel 3.14
    cpe:2.3:o:linux:linux_kernel:3.14
  • Linux Kernel 3.13.9
    cpe:2.3:o:linux:linux_kernel:3.13.9
  • Linux Kernel 3.13.8
    cpe:2.3:o:linux:linux_kernel:3.13.8
  • Linux Kernel 3.13.7
    cpe:2.3:o:linux:linux_kernel:3.13.7
  • Linux Kernel 3.13.6
    cpe:2.3:o:linux:linux_kernel:3.13.6
  • Linux Kernel 3.13.5
    cpe:2.3:o:linux:linux_kernel:3.13.5
  • Linux Kernel 3.13.4
    cpe:2.3:o:linux:linux_kernel:3.13.4
  • Linux Kernel 3.13.3
    cpe:2.3:o:linux:linux_kernel:3.13.3
  • Linux Kernel 3.13.2
    cpe:2.3:o:linux:linux_kernel:3.13.2
  • Linux Kernel 3.13.11
    cpe:2.3:o:linux:linux_kernel:3.13.11
  • Linux Kernel 3.13.10
    cpe:2.3:o:linux:linux_kernel:3.13.10
  • Linux Kernel 3.13.1
    cpe:2.3:o:linux:linux_kernel:3.13.1
  • Linux Kernel 3.13
    cpe:2.3:o:linux:linux_kernel:3.13
  • Linux Kernel 3.12.9
    cpe:2.3:o:linux:linux_kernel:3.12.9
  • Linux Kernel 3.12.8
    cpe:2.3:o:linux:linux_kernel:3.12.8
  • Linux Kernel 3.12.7
    cpe:2.3:o:linux:linux_kernel:3.12.7
  • Linux Kernel 3.12.6
    cpe:2.3:o:linux:linux_kernel:3.12.6
  • Linux Kernel 3.12.5
    cpe:2.3:o:linux:linux_kernel:3.12.5
  • Linux Kernel 3.12.4
    cpe:2.3:o:linux:linux_kernel:3.12.4
  • Linux Kernel 3.12.3
    cpe:2.3:o:linux:linux_kernel:3.12.3
  • Linux Kernel 3.12.2
    cpe:2.3:o:linux:linux_kernel:3.12.2
  • Linux Kernel 3.12.17
    cpe:2.3:o:linux:linux_kernel:3.12.17
  • Linux Kernel 3.12.16
    cpe:2.3:o:linux:linux_kernel:3.12.16
  • Linux Kernel 3.12.15
    cpe:2.3:o:linux:linux_kernel:3.12.15
  • Linux Kernel 3.12.14
    cpe:2.3:o:linux:linux_kernel:3.12.14
  • Linux Kernel 3.12.13
    cpe:2.3:o:linux:linux_kernel:3.12.13
  • Linux Kernel 3.12.12
    cpe:2.3:o:linux:linux_kernel:3.12.12
  • Linux Kernel 3.12.11
    cpe:2.3:o:linux:linux_kernel:3.12.11
  • Linux Kernel 3.12.10
    cpe:2.3:o:linux:linux_kernel:3.12.10
  • Linux Kernel 3.12.1
    cpe:2.3:o:linux:linux_kernel:3.12.1
  • Linux Kernel 3.12
    cpe:2.3:o:linux:linux_kernel:3.12
  • Linux Kernel 3.11.9
    cpe:2.3:o:linux:linux_kernel:3.11.9
  • Linux Kernel 3.11.8
    cpe:2.3:o:linux:linux_kernel:3.11.8
  • Linux Kernel 3.11.7
    cpe:2.3:o:linux:linux_kernel:3.11.7
  • Linux Kernel 3.11.6
    cpe:2.3:o:linux:linux_kernel:3.11.6
  • Linux Kernel 3.11.5
    cpe:2.3:o:linux:linux_kernel:3.11.5
  • Linux Kernel 3.11.4
    cpe:2.3:o:linux:linux_kernel:3.11.4
  • Linux Kernel 3.11.3
    cpe:2.3:o:linux:linux_kernel:3.11.3
  • Linux Kernel 3.11.2
    cpe:2.3:o:linux:linux_kernel:3.11.2
  • Linux Kernel 3.11.10
    cpe:2.3:o:linux:linux_kernel:3.11.10
  • Linux Kernel 3.11.1
    cpe:2.3:o:linux:linux_kernel:3.11.1
  • Linux Kernel 3.11
    cpe:2.3:o:linux:linux_kernel:3.11
  • Linux Kernel 3.10.9 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.9:-:-:-:-:-:arm64
  • Linux Kernel 3.10.9
    cpe:2.3:o:linux:linux_kernel:3.10.9
  • Linux Kernel 3.10.8 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.8:-:-:-:-:-:arm64
  • Linux Kernel 3.10.8
    cpe:2.3:o:linux:linux_kernel:3.10.8
  • Linux Kernel 3.10.7 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.7:-:-:-:-:-:arm64
  • Linux Kernel 3.10.7
    cpe:2.3:o:linux:linux_kernel:3.10.7
  • Linux Kernel 3.10.6 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.6:-:-:-:-:-:arm64
  • Linux Kernel 3.10.6
    cpe:2.3:o:linux:linux_kernel:3.10.6
  • Linux Kernel 3.10.5 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.5:-:-:-:-:-:arm64
  • Linux Kernel 3.10.5
    cpe:2.3:o:linux:linux_kernel:3.10.5
  • Linux Kernel 3.10.4 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.4:-:-:-:-:-:arm64
  • Linux Kernel 3.10.4
    cpe:2.3:o:linux:linux_kernel:3.10.4
  • Linux Kernel 3.10.3 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.3:-:-:-:-:-:arm64
  • Linux Kernel 3.10.3
    cpe:2.3:o:linux:linux_kernel:3.10.3
  • Linux Kernel 3.10.29
    cpe:2.3:o:linux:linux_kernel:3.10.29
  • Linux Kernel 3.10.28
    cpe:2.3:o:linux:linux_kernel:3.10.28
  • Linux Kernel 3.10.27
    cpe:2.3:o:linux:linux_kernel:3.10.27
  • Linux Kernel 3.10.26
    cpe:2.3:o:linux:linux_kernel:3.10.26
  • Linux Kernel 3.10.25
    cpe:2.3:o:linux:linux_kernel:3.10.25
  • Linux Kernel 3.10.24
    cpe:2.3:o:linux:linux_kernel:3.10.24
  • Linux Kernel 3.10.23
    cpe:2.3:o:linux:linux_kernel:3.10.23
  • Linux Kernel 3.10.22
    cpe:2.3:o:linux:linux_kernel:3.10.22
  • Linux Kernel 3.10.21
    cpe:2.3:o:linux:linux_kernel:3.10.21
  • Linux Kernel 3.10.20
    cpe:2.3:o:linux:linux_kernel:3.10.20
  • Linux Kernel 3.10.2 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.2:-:-:-:-:-:arm64
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.2
  • Linux Kernel 3.10.19
    cpe:2.3:o:linux:linux_kernel:3.10.19
  • Linux Kernel 3.10.18
    cpe:2.3:o:linux:linux_kernel:3.10.18
  • Linux Kernel 3.10.17
    cpe:2.3:o:linux:linux_kernel:3.10.17
  • Linux Kernel 3.10.16
    cpe:2.3:o:linux:linux_kernel:3.10.16
  • Linux Kernel 3.10.15
    cpe:2.3:o:linux:linux_kernel:3.10.15
  • Linux Kernel 3.10.14
    cpe:2.3:o:linux:linux_kernel:3.10.14
  • Linux Kernel 3.10.13
    cpe:2.3:o:linux:linux_kernel:3.10.13
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.12
  • Linux Kernel 3.10.11
    cpe:2.3:o:linux:linux_kernel:3.10.11
  • Linux Kernel 3.10.10
    cpe:2.3:o:linux:linux_kernel:3.10.10
  • Linux Kernel 3.10.1 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.1:-:-:-:-:-:arm64
  • Linux Kernel 3.10.1
    cpe:2.3:o:linux:linux_kernel:3.10.1
  • Linux Kernel 3.10.0 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.0:-:-:-:-:-:arm64
  • Linux Kernel 3.10
    cpe:2.3:o:linux:linux_kernel:3.10
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
CVSS
Base: 2.1 (as of 05-05-2016 - 16:19)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0333-1.NASL
    description The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96903
    published 2017-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96903
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0437-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 97097
    published 2017-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97097
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-772.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2012-6704, CVE-2016-9793 Eric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading to a denial of service or other security impact. Additionally, in kernel versions prior to 3.5, any user could do this if sysctl net.core.rmem_max was changed to a very large value. CVE-2015-1350 / #770492 Ben Harris reported that local users could remove set-capability attributes from any file visible to them, allowing a denial of service. CVE-2015-8962 Calvin Owens fouund that removing a SCSI device while it was being accessed through the SCSI generic (sg) driver led to a double- free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by local users with permision to access a SCSI device node. CVE-2015-8963 Sasha Levin reported that hot-unplugging a CPU resulted in a use-after-free by the performance events (perf) subsystem, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could by exploited by any local user. CVE-2015-8964 It was found that the terminal/serial (tty) subsystem did not reliably reset the terminal buffer state when the terminal line discipline was changed. This could allow a local user with access to a terminal device to read sensitive information from kernel memory. CVE-2016-7097 Jan Kara found that changing the POSIX ACL of a file never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner. CVE-2016-7910 Vegard Nossum discovered that a memory allocation failure while handling a read of /proc/diskstats or /proc/partitions could lead to a use-after-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. CVE-2016-7911 Dmitry Vyukov reported that a race between ioprio_get() and ioprio_set() system calls could result in a use-after-free, possibly causing a denial of service (crash) or leaking sensitive information. CVE-2016-7915 Benjamin Tissoires found that HID devices could trigger an out-of- bounds memory access in the HID core. A physically present user could possibly use this for denial of service (crash) or to leak sensitive information. CVE-2016-8399 Qidan He reported that the IPv4 ping socket implementation did not validate the length of packets to be sent. A user with permisson to use ping sockets could cause an out-of-bounds read, possibly resulting in a denial of service or information leak. However, on Debian systems no users have permission to create ping sockets by default. CVE-2016-8633 Eyal Itkin reported that the IP-over-Firewire driver (firewire-net) did not validate the offset or length in link-layer fragmentation headers. This allowed a remote system connected by Firewire to write to memory after a packet buffer, leading to a denial of service (crash) or remote code execution. CVE-2016-8645 Marco Grassi reported that if a socket filter (BPF program) attached to a TCP socket truncates or removes the TCP header, this could cause a denial of service (crash). This was exploitable by any local user. CVE-2016-8655 Philip Pettersson found that the implementation of packet sockets (AF_PACKET family) had a race condition between enabling a transmit ring buffer and changing the version of buffers used, which could result in a use-after-free. A local user with the CAP_NET_ADMIN capability could exploit this for privilege escalation. CVE-2016-9178 Al Viro found that a failure to read data from user memory might lead to a information leak on the x86 architecture (amd64 or i386). CVE-2016-9555 Andrey Konovalov reported that the SCTP implementation does not validate 'out of the blue' packet chunk lengths early enough. A remote system able could use this to cause a denial of service (crash) or other security impact for systems using SCTP. CVE-2016-9576, CVE-2016-10088 Dmitry Vyukov reported that using splice() with the SCSI generic driver led to kernel memory corruption. Local users with permision to access a SCSI device node could exploit this for privilege escalation. CVE-2016-9756 Dmitry Vyukov reported that KVM for the x86 architecture (amd64 or i386) did not correctly handle the failure of certain instructions that require software emulation on older processors. This could be exploited by guest systems to leak sensitive information or for denial of service (log spam). CVE-2016-9794 Baozeng Ding reported a race condition in the ALSA (sound) subsystem that could result in a use-after-free. Local users with access to a PCM sound device could exploit this for denial of service (crash or memory corruption) or other security impact. For Debian 7 'Wheezy', these problems have been fixed in version 3.2.84-1. This version also includes bug fixes from upstream version 3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122. Finally, this version adds the option to mitigate security issues in the performance events (perf) subsystem by disabling use by unprivileged users. This can be done by setting sysctl kernel.perf_event_paranoid=3. For Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1 which will be included in the next point release (8.6). We recommend that you upgrade your linux packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 96188
    published 2017-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96188
    title Debian DLA-772-1 : linux security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3361-1.NASL
    description USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350) Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) Peter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405) It was discovered that an integer overflow existed in the InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9755) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596) It was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) It was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550) It was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551) Murray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576) Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Di Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6347) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) It was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261) It was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) It was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616) Sabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618) Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Tommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889) Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895) It was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924) It was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion). (CVE-2017-8925) Jann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 101929
    published 2017-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101929
    title Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3361-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0181-1.NASL
    description The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption. (bsc#1013531). - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 96603
    published 2017-01-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96603
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-0494-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374). - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 97297
    published 2017-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97297
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1360-1.NASL
    description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features : - Improved support for Hyper-V - Support for the tcp_westwood TCP scheduling algorithm The following security bugs were fixed : - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877). - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type. (bsc#1029850). - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (bsc#1030593) - CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576) - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (bnc#1033336). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bsc#1015703). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bsc#1023762). - CVE-2017-5986: A race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacts with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190) - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697) - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bsc#914939). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003077). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100320
    published 2017-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100320
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1247-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697). - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215). - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703). - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992). - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415). - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003). - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914). - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762). - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938). - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235). - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024). - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722). - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190). - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189). - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178). - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066). - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213). - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052). - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440). - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 100150
    published 2017-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100150
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1426.NASL
    description The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754). - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486). - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197). - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-9794: A use-after-free in alsa pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533). The following non-security bugs were fixed : - acpi / pad: do not register acpi_pad driver if running as Xen dom0 (bnc#995278). - Add power key support for PMIcs which are already included in the configs (boo#1012477). Arm64 already has these so no need to patch it. - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767). - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767). - alsa: hda - Degrade i915 binding failure message (bsc#1012767). - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767). - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365). - arm64/efi: Enable runtime call flag checking (bsc#1005745). - arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - arm64: Refuse to install 4k kernel on 64k system - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576) - arm: bcm2835: add CPU node for ARM core (boo#1012094). - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094). - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690). - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690). - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690). - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690). - asoc: Intel: add fw name to common dsp context (bsc#1010690). - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690). - asoc: Intel: Add module tags for common match module (bsc#1010690). - asoc: Intel: add NULL test (bsc#1010690). - asoc: Intel: Add quirks for MinnowBoard MAX (bsc#1010690). - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690). - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690). - asoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690). - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690). - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690). - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690). - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690). - asoc: Intel: Atom: add support for RT5642 (bsc#1010690). - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690). - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690). - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690). - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690). - asoc: Intel: atom: fix 0-day warnings (bsc#1010690). - asoc: Intel: Atom: fix boot warning (bsc#1010690). - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690). - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690). - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690). - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690). - asoc: Intel: atom: Make some messages to debug level (bsc#1010690). - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690). - asoc: Intel: atom: statify cht_quirk (bsc#1010690). - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690). - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690). - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690). - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690). - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690). - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690). - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690). - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690). - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690). - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690). - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690). - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690). - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690). - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690). - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690). - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690). - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690). - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690). - asoc: Intel: cht: fix uninit variable warning (bsc#1010690). - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690). - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690). - asoc: Intel: common: increase the loglevel of 'FW Poll Status' (bsc#1010690). - asoc: Intel: Create independent acpi match module (bsc#1010690). - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690). - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690). - asoc: Intel: Load the atom DPCM driver only (bsc#1010690). - asoc: intel: make function stub static (bsc#1010690). - asoc: Intel: Move apci find machine routines (bsc#1010690). - asoc: intel: Replace kthread with work (bsc#1010690). - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917). - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690). - asoc: rt5640: add ASRC support (bsc#1010690). - asoc: rt5640: add internal clock source support (bsc#1010690). - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690). - asoc: rt5640: add supplys for dac power (bsc#1010690). - asoc: rt5640: remove unused variable (bsc#1010690). - asoc: rt5640: Set PLL src according to source (bsc#1010690). - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690). - asoc: rt5645: Add dmi_system_id 'Google Setzer' (bsc#1010690). - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690). - asoc: rt5645: fix reg-2f default value (bsc#1010690). - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690). - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690). - asoc: rt5645: merge DMI tables of google projects (bsc#1010690). - asoc: rt5645: patch reg-0x8a (bsc#1010690). - asoc: rt5645: polling jd status in all conditions (bsc#1010690). - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690). - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690). - asoc: rt5645: use polling to support HS button (bsc#1010690). - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690). - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690). - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690). - asoc: rt5670: fix HP Playback Volume control (bsc#1010690). - asoc: rt5670: patch reg-0x8a (bsc#1010690). - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported. - bna: Add synchronization for tx ring (bsc#993739). - btrfs: allocate root item at snapshot ioctl time (bsc#1012452). - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452). - btrfs: Check metadata redundancy on balance (bsc#1012452). - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452). - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452). - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452). - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171). - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171). - btrfs: do an allocation earlier during snapshot creation (bsc#1012452). - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881). - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452). - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452). - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452). - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452). - btrfs: Enhance chunk validation check (bsc#1012452). - btrfs: Enhance super validation check (bsc#1012452). - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666). - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255). - btrfs: fix incremental send failure caused by balance (bsc#985850). - btrfs: fix locking bugs when defragging leaves (bsc#1012452). - btrfs: fix memory leaks after transaction is aborted (bsc#1012452). - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452). - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452). - btrfs: fix races on root_log_ctx lists (bsc#1007653). - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452). - btrfs: fix relocation incorrectly dropping data references (bsc#990384). - btrfs: fix typo in log message when starting a balance (bsc#1012452). - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452). - btrfs: handle quota reserve failure properly (bsc#1005666). - btrfs: make btrfs_close_one_device static (bsc#1012452). - btrfs: make clear_extent_bit helpers static inline (bsc#1012452). - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make end_extent_writepage return void (bsc#1012452). - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452). - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452). - btrfs: make extent_range_redirty_for_io return void (bsc#1012452). - btrfs: make lock_extent static inline (bsc#1012452). - btrfs: make set_extent_bit helpers static inline (bsc#1012452). - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452). - btrfs: make set_range_writeback return void (bsc#1012452). - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452). - btrfs: put delayed item hook into inode (bsc#1012452). - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255). - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255). - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255). - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452). - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653). - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452). - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452). - btrfs: send, do not bug on inconsistent snapshots (bsc#985850). - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452). - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452). - btrfs: Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creat ing-snap.patch (bsc#972993). - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452). - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452). - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452). - btrfs: use smaller type for btrfs_path locks (bsc#1012452). - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452). - btrfs: use smaller type for btrfs_path reada (bsc#1012452). - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452). - config: i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver. - config: select new CONFIG_SND_SOC_INTEL_SST_* helpers - config: Update config files. (boo#1012094) - config: Update config files (bsc#1009454) Do not set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in x86_64/default and x86_64/debug. We do not need to set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in openSUSE kernel because openSUSE does not enable kernel module signature check (bsc#843661). Without kernel module signature check, the root account is allowed to load arbitrary kernel module to kernel space. Then lock functions by securelevel is pointless. - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115). - Delete patches.fixes/Add-a-missed-complete-in-iscsit_close_conn ection.patch. remove patch Add-a-missed-complete-in-iscsit_close_connection.patch add bsc#997807 bsc#992555 in patch-4.4.27-28 references - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052). - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052). - dell-wmi: Clean up hotkey table size check (bsc#1004052). - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052). - dell-wmi: Improve unknown hotkey handling (bsc#1004052). - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052). - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052). - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052). - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052). - drm/i915: Add missing ring_mask to Pineview (bsc#1005917). - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176). - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176). - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176). - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917). - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433). - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433). - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054) - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433). - drm/radeon: Switch to drm_vblank_on/off (bsc#998054). - Drop kernel-obs-qa-xen unconditionally (bsc#1010040) The IBS cannot build it, even if there is a xen-capable kernel-obs-build. - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700). - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700). - efi/runtime-wrappers: Add {__,}efi_call_virt() templates (bsc#1005745). - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745). - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745). - ext4: fix data exposure after a crash (bsc#1012829). - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992). - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681). - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133). - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133). - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133). - fuse: Fixup buggy conflict resolution in patches.fixes/fuse-Propagate-dentry-down-to-inode_change _ok.patch. - genirq: Add untracked irq handler (bsc#1006827). - genirq: Use a common macro to go through the actions list (bsc#1006827). - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486). - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486). - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175). - hpsa: use bus '3' for legacy HBA devices (bsc#1010665). - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665). - hv: do not lose pending heartbeat vmbus packets (bnc#1006918). - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913). - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576). - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648). - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i810: Enable Intel i810 audio driver used in OpenQA VMs. - Import kabi files for x86_64/default from 4.4.27-2.1 - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978). - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978). - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062). - kABI: protect struct mmc_packed (kabi). - kABI: protect struct mmc_packed (kabi). - kABI: reintroduce sk_filter (kabi). - kABI: reintroduce strtobool (kabi). - kABI: reintroduce strtobool (kabi). - kABI: restore ip_cmsg_recv_offset parameters (kabi). - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers. - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters. - kgr: ignore zombie tasks during the patching (bnc#1008979). - md/raid1: fix: IO can block resync indefinitely (bsc#1001310). - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap). - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955). - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing). - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809). - net: sctp, forbid negative length (bnc#1005921). - netvsc: fix incorrect receive checksum offloading (bnc#1006915). - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158) - pci/ACPI: Allow all PCIe services on non-ACPI host bridges (bsc#1006827). - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827). - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888). - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827). - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827). - perf/x86: Add perf support for AMD family-17h processors (fate#320473). - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813). - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat). - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159). - Reformat spec files according to the format_spec_file osc helper - Replace patches.kabi/kabi-hide-new-member-recursion_counter-in-s truct-sk_.patch by patches.kabi/kabi-hide-bsc-1001486-changes-in-struct-nap i_gro_cb.patch - Revert 'ACPI / LPSS: allow to use specific PM domain during ->probe()' (bsc#1005917). - Revert 'fix minor infoleak in get_user_ex()' (p.k.o). - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681) - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (p.k.o). - rpm/config.sh: Build against SP2 in the OBS as well - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor. - rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118) - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118) - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays. - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060) - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059) - rpm/package-descriptions: Add 64kb kernel flavor description - rpm/package-descriptions: add kernel-syzkaller - rpm/package-descriptions: pv has been merged into -default (fate#315712) - rpm/package-descriptions: the flavor is 64kb, not 64k - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch). - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search). - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs. - supported.conf: Mark vmx-crypto as supported (fate#319564) - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143). - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615). - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch. - writeback: initialize inode members that track writeback history (bsc#1012829). - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479). - x86/efi: Enable runtime call flag checking (bsc#1005745). - x86/efi: Move to generic {__,}efi_call_virt() (bsc#1005745). - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko. - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700). - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700). - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700). - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700). - x86/PCI: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827). - x86/PCI: VMD: Document code for maintainability (bsc#1006827). - x86/PCI: VMD: Fix infinite loop executing irq's (bsc#1006827). - x86/PCI: VMD: Initialize list item in IRQ disable (bsc#1006827). - x86/PCI: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827). - x86/PCI: VMD: Select device dma ops to override (bsc#1006827). - x86/PCI: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827). - x86/PCI: VMD: Set bus resource start to 0 (bsc#1006827). - x86/PCI: VMD: Use lock save/restore in interrupt enable path (bsc#1006827). - x86/PCI/VMD: Use untracked irq handler (bsc#1006827). - x86/PCI: VMD: Use x86_vector_domain as parent domain (bsc#1006827). - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169). - zram: Fix unbalanced idr management at hot removal (bsc#1010970).
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 95701
    published 2016-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95701
    title openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)
refmap via4
bid 76075
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1185139
misc https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
mlist
  • [linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks
  • [oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.
Last major update 01-02-2017 - 21:59
Published 02-05-2016 - 06:59
Back to Top