Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2015-8019
Vulnerability from cvelistv5
Published
2016-05-02 10:00
Modified
2024-08-06 08:06
Severity ?
EPSS score ?
Summary
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:06:31.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20151027 CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://patchwork.ozlabs.org/patch/530642/", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "77326", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/77326", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-27T00:00:00", descriptions: [ { lang: "en", value: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20151027 CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { name: "SUSE-SU-2016:1994", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "SUSE-SU-2016:1961", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { name: "SUSE-SU-2016:2009", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { tags: [ "x_refsource_MISC", ], url: "http://patchwork.ozlabs.org/patch/530642/", }, { name: "SUSE-SU-2016:2005", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "77326", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/77326", }, { name: "SUSE-SU-2016:1995", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8019", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20151027 CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "http://patchwork.ozlabs.org/patch/530642/", refsource: "MISC", url: "http://patchwork.ozlabs.org/patch/530642/", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "77326", refsource: "BID", url: "http://www.securityfocus.com/bid/77326", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8019", datePublished: "2016-05-02T10:00:00", dateReserved: "2015-10-28T00:00:00", dateUpdated: "2024-08-06T08:06:31.619Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2015-8019\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-05-02T10:59:17.233\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.\"},{\"lang\":\"es\",\"value\":\"La función skb_copy_and_csum_datagram_iovec en net/core/datagram.c en el kernel de Linux 3.14.54 y 3.18.22 no acepta un argumento length, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una llamada de sistema write seguida por una llamada de sistema recvmsg.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.14.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0DACDE5-D562-4F1F-BA8B-F8444BD684C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.18.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DABD193-4997-477A-9878-FA5CD4AEEC4D\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://patchwork.ozlabs.org/patch/530642/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/11\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/77326\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1276588\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://patchwork.ozlabs.org/patch/530642/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2015/10/27/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/77326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1276588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
suse-su-2016:2005-1
Vulnerability from csaf_suse
Published
2016-08-09 11:24
Modified
2016-08-09 11:24
Summary
Security update for Linux Kernel Live Patch 8 for SLE 12
Notes
Title of the patch
Security update for Linux Kernel Live Patch 8 for SLE 12
Description of the patch
This update for the Linux Kernel 3.12.48-52_27 fixes several issues.
The following security bugs were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).
Patchnames
SUSE-SLE-SAP-12-2016-1176,SUSE-SLE-SERVER-12-2016-1176
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Linux Kernel Live Patch 8 for SLE 12", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 3.12.48-52_27 fixes several issues.\n\nThe following security bugs were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-SAP-12-2016-1176,SUSE-SLE-SERVER-12-2016-1176", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2005-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:2005-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162005-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:2005-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002191.html", }, { category: "self", summary: "SUSE Bug 955837", url: "https://bugzilla.suse.com/955837", }, { category: "self", summary: "SUSE Bug 971793", url: "https://bugzilla.suse.com/971793", }, { category: "self", summary: "SUSE Bug 973570", url: "https://bugzilla.suse.com/973570", }, { category: "self", summary: "SUSE Bug 979064", url: "https://bugzilla.suse.com/979064", }, { category: "self", summary: "SUSE Bug 979074", url: "https://bugzilla.suse.com/979074", }, { category: "self", summary: "SUSE Bug 979078", url: "https://bugzilla.suse.com/979078", }, { category: "self", summary: "SUSE Bug 980856", url: "https://bugzilla.suse.com/980856", }, { category: "self", summary: "SUSE Bug 980883", url: "https://bugzilla.suse.com/980883", }, { category: "self", summary: "SUSE Bug 983144", url: "https://bugzilla.suse.com/983144", }, { category: "self", summary: "SUSE Bug 984764", url: "https://bugzilla.suse.com/984764", }, { category: "self", summary: "SUSE CVE CVE-2013-7446 page", url: "https://www.suse.com/security/cve/CVE-2013-7446/", }, { category: "self", summary: "SUSE CVE CVE-2015-8019 page", url: "https://www.suse.com/security/cve/CVE-2015-8019/", }, { category: "self", summary: "SUSE CVE CVE-2015-8816 page", url: "https://www.suse.com/security/cve/CVE-2015-8816/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, ], title: "Security update for Linux Kernel Live Patch 8 for SLE 12", tracking: { current_release_date: "2016-08-09T11:24:17Z", generator: { date: "2016-08-09T11:24:17Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:2005-1", initial_release_date: "2016-08-09T11:24:17Z", revision_history: [ { date: "2016-08-09T11:24:17Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", product: { name: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", product_id: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", }, }, { category: "product_version", name: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", product: { name: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", product_id: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12-LTSS", product: { name: "SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7446", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-7446", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-7446", url: "https://www.suse.com/security/cve/CVE-2013-7446", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-7446", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 955654 for CVE-2013-7446", url: "https://bugzilla.suse.com/955654", }, { category: "external", summary: "SUSE Bug 955837 for CVE-2013-7446", url: "https://bugzilla.suse.com/955837", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2013-7446", }, { cve: "CVE-2015-8019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8019", }, ], notes: [ { category: "general", text: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8019", url: "https://www.suse.com/security/cve/CVE-2015-8019", }, { category: "external", summary: "SUSE Bug 1032268 for CVE-2015-8019", url: "https://bugzilla.suse.com/1032268", }, { category: "external", summary: "SUSE Bug 951199 for CVE-2015-8019", url: "https://bugzilla.suse.com/951199", }, { category: "external", summary: "SUSE Bug 952587 for CVE-2015-8019", url: "https://bugzilla.suse.com/952587", }, { category: "external", summary: "SUSE Bug 979078 for CVE-2015-8019", url: "https://bugzilla.suse.com/979078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2015-8019", }, { cve: "CVE-2015-8816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8816", }, ], notes: [ { category: "general", text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8816", url: "https://www.suse.com/security/cve/CVE-2015-8816", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-8816", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 968010 for CVE-2015-8816", url: "https://bugzilla.suse.com/968010", }, { category: "external", summary: "SUSE Bug 979064 for CVE-2015-8816", url: "https://bugzilla.suse.com/979064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2015-8816", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_48-52_27-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:24:17Z", details: "moderate", }, ], title: "CVE-2016-4565", }, ], }
suse-su-2016:1961-1
Vulnerability from csaf_suse
Published
2016-08-04 14:55
Modified
2016-08-04 14:55
Summary
Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
Notes
Title of the patch
Security update for Linux Kernel Live Patch 0 for SLE 12 SP1
Description of the patch
This update for the Linux Kernel 3.12.49-11.1 fixes the several issues.
These security issues were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
This non-security issue was fixed:
- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup.
Patchnames
SUSE-SLE-Live-Patching-12-2016-1157
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Linux Kernel Live Patch 0 for SLE 12 SP1", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 3.12.49-11.1 fixes the several issues.\n\nThese security issues were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\nThis non-security issue was fixed:\n- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. \n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Live-Patching-12-2016-1157", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1961-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1961-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161961-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1961-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002177.html", }, { category: "self", summary: "SUSE Bug 971793", url: "https://bugzilla.suse.com/971793", }, { category: "self", summary: "SUSE Bug 973570", url: "https://bugzilla.suse.com/973570", }, { category: "self", summary: "SUSE Bug 979064", url: "https://bugzilla.suse.com/979064", }, { category: "self", summary: "SUSE Bug 979074", url: "https://bugzilla.suse.com/979074", }, { category: "self", summary: "SUSE Bug 979078", url: "https://bugzilla.suse.com/979078", }, { category: "self", summary: "SUSE Bug 980856", url: "https://bugzilla.suse.com/980856", }, { category: "self", summary: "SUSE Bug 980883", url: "https://bugzilla.suse.com/980883", }, { category: "self", summary: "SUSE Bug 983144", url: "https://bugzilla.suse.com/983144", }, { category: "self", summary: "SUSE Bug 984764", url: "https://bugzilla.suse.com/984764", }, { category: "self", summary: "SUSE CVE CVE-2013-7446 page", url: "https://www.suse.com/security/cve/CVE-2013-7446/", }, { category: "self", summary: "SUSE CVE CVE-2015-8019 page", url: "https://www.suse.com/security/cve/CVE-2015-8019/", }, { category: "self", summary: "SUSE CVE CVE-2015-8816 page", url: "https://www.suse.com/security/cve/CVE-2015-8816/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, ], title: "Security update for Linux Kernel Live Patch 0 for SLE 12 SP1", tracking: { current_release_date: "2016-08-04T14:55:08Z", generator: { date: "2016-08-04T14:55:08Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1961-1", initial_release_date: "2016-08-04T14:55:08Z", revision_history: [ { date: "2016-08-04T14:55:08Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kgraft-patch-3_12_49-11-default-5-14.2.x86_64", product: { name: "kgraft-patch-3_12_49-11-default-5-14.2.x86_64", product_id: "kgraft-patch-3_12_49-11-default-5-14.2.x86_64", }, }, { category: "product_version", name: "kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", product: { name: "kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", product_id: "kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Live Patching 12", product: { name: "SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-live-patching:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_49-11-default-5-14.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", }, product_reference: "kgraft-patch-3_12_49-11-default-5-14.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_49-11-xen-5-14.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", }, product_reference: "kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7446", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-7446", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-7446", url: "https://www.suse.com/security/cve/CVE-2013-7446", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-7446", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 955654 for CVE-2013-7446", url: "https://bugzilla.suse.com/955654", }, { category: "external", summary: "SUSE Bug 955837 for CVE-2013-7446", url: "https://bugzilla.suse.com/955837", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2013-7446", }, { cve: "CVE-2015-8019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8019", }, ], notes: [ { category: "general", text: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8019", url: "https://www.suse.com/security/cve/CVE-2015-8019", }, { category: "external", summary: "SUSE Bug 1032268 for CVE-2015-8019", url: "https://bugzilla.suse.com/1032268", }, { category: "external", summary: "SUSE Bug 951199 for CVE-2015-8019", url: "https://bugzilla.suse.com/951199", }, { category: "external", summary: "SUSE Bug 952587 for CVE-2015-8019", url: "https://bugzilla.suse.com/952587", }, { category: "external", summary: "SUSE Bug 979078 for CVE-2015-8019", url: "https://bugzilla.suse.com/979078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2015-8019", }, { cve: "CVE-2015-8816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8816", }, ], notes: [ { category: "general", text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8816", url: "https://www.suse.com/security/cve/CVE-2015-8816", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-8816", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 968010 for CVE-2015-8816", url: "https://bugzilla.suse.com/968010", }, { category: "external", summary: "SUSE Bug 979064 for CVE-2015-8816", url: "https://bugzilla.suse.com/979064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2015-8816", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-default-5-14.2.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_49-11-xen-5-14.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-04T14:55:08Z", details: "moderate", }, ], title: "CVE-2016-4565", }, ], }
suse-su-2016:1995-1
Vulnerability from csaf_suse
Published
2016-08-09 11:23
Modified
2016-08-09 11:23
Summary
Security update for Linux Kernel Live Patch 9 for SLE 12
Notes
Title of the patch
Security update for Linux Kernel Live Patch 9 for SLE 12
Description of the patch
This update for the Linux Kernel 3.12.51-52_31 fixes several issues.
The following security bugs were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).
Patchnames
SUSE-SLE-SAP-12-2016-1175,SUSE-SLE-SERVER-12-2016-1175
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Linux Kernel Live Patch 9 for SLE 12", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\n\nThe following security bugs were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-SAP-12-2016-1175,SUSE-SLE-SERVER-12-2016-1175", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1995-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1995-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161995-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1995-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002182.html", }, { category: "self", summary: "SUSE Bug 955837", url: "https://bugzilla.suse.com/955837", }, { category: "self", summary: "SUSE Bug 971793", url: "https://bugzilla.suse.com/971793", }, { category: "self", summary: "SUSE Bug 973570", url: "https://bugzilla.suse.com/973570", }, { category: "self", summary: "SUSE Bug 979064", url: "https://bugzilla.suse.com/979064", }, { category: "self", summary: "SUSE Bug 979074", url: "https://bugzilla.suse.com/979074", }, { category: "self", summary: "SUSE Bug 979078", url: "https://bugzilla.suse.com/979078", }, { category: "self", summary: "SUSE Bug 980856", url: "https://bugzilla.suse.com/980856", }, { category: "self", summary: "SUSE Bug 980883", url: "https://bugzilla.suse.com/980883", }, { category: "self", summary: "SUSE Bug 983144", url: "https://bugzilla.suse.com/983144", }, { category: "self", summary: "SUSE Bug 984764", url: "https://bugzilla.suse.com/984764", }, { category: "self", summary: "SUSE CVE CVE-2013-7446 page", url: "https://www.suse.com/security/cve/CVE-2013-7446/", }, { category: "self", summary: "SUSE CVE CVE-2015-8019 page", url: "https://www.suse.com/security/cve/CVE-2015-8019/", }, { category: "self", summary: "SUSE CVE CVE-2015-8816 page", url: "https://www.suse.com/security/cve/CVE-2015-8816/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, ], title: "Security update for Linux Kernel Live Patch 9 for SLE 12", tracking: { current_release_date: "2016-08-09T11:23:52Z", generator: { date: "2016-08-09T11:23:52Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1995-1", initial_release_date: "2016-08-09T11:23:52Z", revision_history: [ { date: "2016-08-09T11:23:52Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", product: { name: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", product_id: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", }, }, { category: "product_version", name: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", product: { name: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", product_id: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 12", product: { name: "SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:12", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 12-LTSS", product: { name: "SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS", product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", }, product_reference: "kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7446", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-7446", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-7446", url: "https://www.suse.com/security/cve/CVE-2013-7446", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-7446", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 955654 for CVE-2013-7446", url: "https://bugzilla.suse.com/955654", }, { category: "external", summary: "SUSE Bug 955837 for CVE-2013-7446", url: "https://bugzilla.suse.com/955837", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2013-7446", }, { cve: "CVE-2015-8019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8019", }, ], notes: [ { category: "general", text: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8019", url: "https://www.suse.com/security/cve/CVE-2015-8019", }, { category: "external", summary: "SUSE Bug 1032268 for CVE-2015-8019", url: "https://bugzilla.suse.com/1032268", }, { category: "external", summary: "SUSE Bug 951199 for CVE-2015-8019", url: "https://bugzilla.suse.com/951199", }, { category: "external", summary: "SUSE Bug 952587 for CVE-2015-8019", url: "https://bugzilla.suse.com/952587", }, { category: "external", summary: "SUSE Bug 979078 for CVE-2015-8019", url: "https://bugzilla.suse.com/979078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2015-8019", }, { cve: "CVE-2015-8816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8816", }, ], notes: [ { category: "general", text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8816", url: "https://www.suse.com/security/cve/CVE-2015-8816", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-8816", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 968010 for CVE-2015-8816", url: "https://bugzilla.suse.com/968010", }, { category: "external", summary: "SUSE Bug 979064 for CVE-2015-8816", url: "https://bugzilla.suse.com/979064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2015-8816", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-default-5-2.2.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_31-xen-5-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:23:52Z", details: "moderate", }, ], title: "CVE-2016-4565", }, ], }
suse-su-2016:1994-1
Vulnerability from csaf_suse
Published
2016-08-09 11:25
Modified
2016-08-09 11:25
Summary
Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
Notes
Title of the patch
Security update for Linux Kernel Live Patch 1 for SLE 12 SP1
Description of the patch
This update for the Linux Kernel 3.12.51-60_20 fixes the several issues.
These security issues were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
This non-security issue was fixed:
- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup.
Patchnames
SUSE-SLE-Live-Patching-12-2016-1183
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Linux Kernel Live Patch 1 for SLE 12 SP1", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 3.12.51-60_20 fixes the several issues.\n\nThese security issues were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\nThis non-security issue was fixed:\n- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. \n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Live-Patching-12-2016-1183", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1994-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1994-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161994-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1994-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002181.html", }, { category: "self", summary: "SUSE Bug 971793", url: "https://bugzilla.suse.com/971793", }, { category: "self", summary: "SUSE Bug 973570", url: "https://bugzilla.suse.com/973570", }, { category: "self", summary: "SUSE Bug 979064", url: "https://bugzilla.suse.com/979064", }, { category: "self", summary: "SUSE Bug 979074", url: "https://bugzilla.suse.com/979074", }, { category: "self", summary: "SUSE Bug 979078", url: "https://bugzilla.suse.com/979078", }, { category: "self", summary: "SUSE Bug 980856", url: "https://bugzilla.suse.com/980856", }, { category: "self", summary: "SUSE Bug 980883", url: "https://bugzilla.suse.com/980883", }, { category: "self", summary: "SUSE Bug 983144", url: "https://bugzilla.suse.com/983144", }, { category: "self", summary: "SUSE Bug 984764", url: "https://bugzilla.suse.com/984764", }, { category: "self", summary: "SUSE CVE CVE-2013-7446 page", url: "https://www.suse.com/security/cve/CVE-2013-7446/", }, { category: "self", summary: "SUSE CVE CVE-2015-8019 page", url: "https://www.suse.com/security/cve/CVE-2015-8019/", }, { category: "self", summary: "SUSE CVE CVE-2015-8816 page", url: "https://www.suse.com/security/cve/CVE-2015-8816/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, ], title: "Security update for Linux Kernel Live Patch 1 for SLE 12 SP1", tracking: { current_release_date: "2016-08-09T11:25:53Z", generator: { date: "2016-08-09T11:25:53Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1994-1", initial_release_date: "2016-08-09T11:25:53Z", revision_history: [ { date: "2016-08-09T11:25:53Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", product: { name: "kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", product_id: "kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", }, }, { category: "product_version", name: "kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", product: { name: "kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", product_id: "kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Live Patching 12", product: { name: "SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-live-patching:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", }, product_reference: "kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", }, product_reference: "kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7446", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-7446", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-7446", url: "https://www.suse.com/security/cve/CVE-2013-7446", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-7446", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 955654 for CVE-2013-7446", url: "https://bugzilla.suse.com/955654", }, { category: "external", summary: "SUSE Bug 955837 for CVE-2013-7446", url: "https://bugzilla.suse.com/955837", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2013-7446", }, { cve: "CVE-2015-8019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8019", }, ], notes: [ { category: "general", text: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8019", url: "https://www.suse.com/security/cve/CVE-2015-8019", }, { category: "external", summary: "SUSE Bug 1032268 for CVE-2015-8019", url: "https://bugzilla.suse.com/1032268", }, { category: "external", summary: "SUSE Bug 951199 for CVE-2015-8019", url: "https://bugzilla.suse.com/951199", }, { category: "external", summary: "SUSE Bug 952587 for CVE-2015-8019", url: "https://bugzilla.suse.com/952587", }, { category: "external", summary: "SUSE Bug 979078 for CVE-2015-8019", url: "https://bugzilla.suse.com/979078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2015-8019", }, { cve: "CVE-2015-8816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8816", }, ], notes: [ { category: "general", text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8816", url: "https://www.suse.com/security/cve/CVE-2015-8816", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-8816", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 968010 for CVE-2015-8816", url: "https://bugzilla.suse.com/968010", }, { category: "external", summary: "SUSE Bug 979064 for CVE-2015-8816", url: "https://bugzilla.suse.com/979064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2015-8816", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-default-5-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_20-xen-5-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:53Z", details: "moderate", }, ], title: "CVE-2016-4565", }, ], }
suse-su-2016:2009-1
Vulnerability from csaf_suse
Published
2016-08-09 11:25
Modified
2016-08-09 11:25
Summary
Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
Notes
Title of the patch
Security update for Linux Kernel Live Patch 2 for SLE 12 SP1
Description of the patch
This update for the Linux Kernel 3.12.51-60_25 fixes the several issues.
These security issues were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).
- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).
- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
This non-security issue was fixed:
- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup.
Patchnames
SUSE-SLE-Live-Patching-12-2016-1182
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for Linux Kernel Live Patch 2 for SLE 12 SP1", title: "Title of the patch", }, { category: "description", text: "This update for the Linux Kernel 3.12.51-60_25 fixes the several issues.\n\nThese security issues were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n\nThis non-security issue was fixed:\n- bsc#973570: The fix for CVE-2013-7446 introduced a bug that could have possibly lead to a softlockup. \n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Live-Patching-12-2016-1182", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2009-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:2009-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162009-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:2009-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002195.html", }, { category: "self", summary: "SUSE Bug 971793", url: "https://bugzilla.suse.com/971793", }, { category: "self", summary: "SUSE Bug 973570", url: "https://bugzilla.suse.com/973570", }, { category: "self", summary: "SUSE Bug 979064", url: "https://bugzilla.suse.com/979064", }, { category: "self", summary: "SUSE Bug 979074", url: "https://bugzilla.suse.com/979074", }, { category: "self", summary: "SUSE Bug 979078", url: "https://bugzilla.suse.com/979078", }, { category: "self", summary: "SUSE Bug 980856", url: "https://bugzilla.suse.com/980856", }, { category: "self", summary: "SUSE Bug 980883", url: "https://bugzilla.suse.com/980883", }, { category: "self", summary: "SUSE Bug 983144", url: "https://bugzilla.suse.com/983144", }, { category: "self", summary: "SUSE Bug 984764", url: "https://bugzilla.suse.com/984764", }, { category: "self", summary: "SUSE CVE CVE-2013-7446 page", url: "https://www.suse.com/security/cve/CVE-2013-7446/", }, { category: "self", summary: "SUSE CVE CVE-2015-8019 page", url: "https://www.suse.com/security/cve/CVE-2015-8019/", }, { category: "self", summary: "SUSE CVE CVE-2015-8816 page", url: "https://www.suse.com/security/cve/CVE-2015-8816/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, ], title: "Security update for Linux Kernel Live Patch 2 for SLE 12 SP1", tracking: { current_release_date: "2016-08-09T11:25:36Z", generator: { date: "2016-08-09T11:25:36Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:2009-1", initial_release_date: "2016-08-09T11:25:36Z", revision_history: [ { date: "2016-08-09T11:25:36Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", product: { name: "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", product_id: "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", }, }, { category: "product_version", name: "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", product: { name: "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", product_id: "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Live Patching 12", product: { name: "SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-live-patching:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", }, product_reference: "kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, { category: "default_component_of", full_product_name: { name: "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12", product_id: "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", }, product_reference: "kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Live Patching 12", }, ], }, vulnerabilities: [ { cve: "CVE-2013-7446", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-7446", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-7446", url: "https://www.suse.com/security/cve/CVE-2013-7446", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-7446", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 955654 for CVE-2013-7446", url: "https://bugzilla.suse.com/955654", }, { category: "external", summary: "SUSE Bug 955837 for CVE-2013-7446", url: "https://bugzilla.suse.com/955837", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2013-7446", }, { cve: "CVE-2015-8019", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8019", }, ], notes: [ { category: "general", text: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8019", url: "https://www.suse.com/security/cve/CVE-2015-8019", }, { category: "external", summary: "SUSE Bug 1032268 for CVE-2015-8019", url: "https://bugzilla.suse.com/1032268", }, { category: "external", summary: "SUSE Bug 951199 for CVE-2015-8019", url: "https://bugzilla.suse.com/951199", }, { category: "external", summary: "SUSE Bug 952587 for CVE-2015-8019", url: "https://bugzilla.suse.com/952587", }, { category: "external", summary: "SUSE Bug 979078 for CVE-2015-8019", url: "https://bugzilla.suse.com/979078", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2015-8019", }, { cve: "CVE-2015-8816", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8816", }, ], notes: [ { category: "general", text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8816", url: "https://www.suse.com/security/cve/CVE-2015-8816", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-8816", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 968010 for CVE-2015-8816", url: "https://bugzilla.suse.com/968010", }, { category: "external", summary: "SUSE Bug 979064 for CVE-2015-8816", url: "https://bugzilla.suse.com/979064", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2015-8816", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-default-4-2.1.x86_64", "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_51-60_25-xen-4-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-09T11:25:36Z", details: "moderate", }, ], title: "CVE-2016-4565", }, ], }
fkie_cve-2015-8019
Vulnerability from fkie_nvd
Published
2016-05-02 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | 3.14.54 | |
| linux | linux_kernel | 3.18.22 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:3.14.54:*:*:*:*:*:*:*", matchCriteriaId: "C0DACDE5-D562-4F1F-BA8B-F8444BD684C6", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:3.18.22:*:*:*:*:*:*:*", matchCriteriaId: "3DABD193-4997-477A-9878-FA5CD4AEEC4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", }, { lang: "es", value: "La función skb_copy_and_csum_datagram_iovec en net/core/datagram.c en el kernel de Linux 3.14.54 y 3.18.22 no acepta un argumento length, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de una llamada de sistema write seguida por una llamada de sistema recvmsg.", }, ], id: "CVE-2015-8019", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-02T10:59:17.233", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "cve@mitre.org", url: "http://patchwork.ozlabs.org/patch/530642/", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/77326", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://patchwork.ozlabs.org/patch/530642/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/77326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2015-8019
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
Aliases
Aliases
{ GSD: { alias: "CVE-2015-8019", description: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", id: "GSD-2015-8019", references: [ "https://www.suse.com/security/cve/CVE-2015-8019.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2015-8019", ], details: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", id: "GSD-2015-8019", modified: "2023-12-13T01:20:03.001787Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8019", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20151027 CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { name: "http://patchwork.ozlabs.org/patch/530642/", refsource: "MISC", url: "http://patchwork.ozlabs.org/patch/530642/", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "77326", refsource: "BID", url: "http://www.securityfocus.com/bid/77326", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:3.18.22:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:linux:linux_kernel:3.14.54:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8019", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "http://patchwork.ozlabs.org/patch/530642/", refsource: "MISC", tags: [], url: "http://patchwork.ozlabs.org/patch/530642/", }, { name: "[oss-security] 20151027 CVE Request: Linux kernel: Buffer overflow when copying data from skbuff to userspace", refsource: "MLIST", tags: [], url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", refsource: "CONFIRM", tags: [], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { name: "77326", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/77326", }, { name: "SUSE-SU-2016:1961", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { name: "SUSE-SU-2016:1995", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { name: "SUSE-SU-2016:1994", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { name: "SUSE-SU-2016:2005", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { name: "SUSE-SU-2016:2009", refsource: "SUSE", tags: [], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, }, }, lastModifiedDate: "2016-11-28T19:45Z", publishedDate: "2016-05-02T10:59Z", }, }, }
ghsa-gj89-xw5c-cf26
Vulnerability from github
Published
2022-05-17 03:44
Modified
2025-04-12 12:59
Severity ?
Details
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
{ affected: [], aliases: [ "CVE-2015-8019", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2016-05-02T10:59:00Z", severity: "HIGH", }, details: "The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.", id: "GHSA-gj89-xw5c-cf26", modified: "2025-04-12T12:59:23Z", published: "2022-05-17T03:44:02Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2015-8019", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1276588", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html", }, { type: "WEB", url: "http://patchwork.ozlabs.org/patch/530642", }, { type: "WEB", url: "http://www.openwall.com/lists/oss-security/2015/10/27/11", }, { type: "WEB", url: "http://www.securityfocus.com/bid/77326", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.