Vulnerability from csaf_suse
Published
2016-08-08 14:55
Modified
2016-08-08 14:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).
- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).
- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143).
- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).
- CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).
- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).
- CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).
- CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246).
- CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944).
- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).
- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).
- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).
- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).
- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
The following non-security bugs were fixed:
- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).
- ALSA: oxygen: add Xonar DGX support (bsc#982691).
- Assign correct ->can_queue value in hv_storvsc (bnc#969391)
- Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231)
- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).
- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)
- KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518).
- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).
- NFS: Do not attempt to decode missing directory entries (bsc#980931).
- NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491).
- NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491).
- NFS: fix memory corruption rooted in get_ih_name pointer math (bsc#984107).
- NFS: reduce access cache shrinker locking (bnc#866130).
- NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595).
- NFSv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595).
- NVMe: Unify controller probe and resume (bsc#979347).
- RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589).
- RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589).
- RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589).
- RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589).
- RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589).
- RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589).
- RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589).
- RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589).
- SCSI: Increase REPORT_LUNS timeout (bsc#971989).
- Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.
- Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358).
- bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544).
- cgroups: do not attach task to subsystem if migration failed (bnc#979274).
- cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274).
- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).
- dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671).
- enic: set netdev->vlan_features (bsc#966245).
- fcoe: fix reset of fip selection time (bsc#974787).
- hid-elo: kill not flush the work (bnc#982532).
- ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914).
- ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360).
- ipv4: fix ineffective source address selection (bsc#980788).
- ipvs: count pre-established TCP states as active (bsc#970114).
- iucv: call skb_linearize() when needed (bnc#979915, LTC#141240).
- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
- mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446).
- mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446).
- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
- mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491).
- mm: Fix DIF failures on ext3 filesystems (bsc#971030).
- net/qlge: Avoids recursive EEH error (bsc#954847).
- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).
- netfilter: bridge: do not leak skb in error paths (bsc#982544).
- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
- nvme: fix max_segments integer truncation (bsc#676471).
- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).
- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).
- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).
- qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590).
- rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235.
- s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670).
- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456).
- s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445).
- s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445).
- s390/pci: extract software counters from fmb (bnc#968500, LTC#139445).
- s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626).
- s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444).
- s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401).
- s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442).
- s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442).
- s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442).
- s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106).
- s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138).
- sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498).
- sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498).
- sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498).
- veth: do not modify ip_summed (bsc#969149).
- vgaarb: Add more context to error messages (bsc#976868).
- virtio_scsi: Implement eh_timed_out callback (bsc#936530).
- x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518).
- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518).
- x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
Patchnames
slertesp4-linux-kernel-12681
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n- CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).\n- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).\n- CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143).\n- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \\0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).\n- CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).\n- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).\n- CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n- CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, allowed remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file (bnc#980246).\n- CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944).\n- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).\n- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).\n- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\nThe following non-security bugs were fixed:\n- ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n- ALSA: oxygen: add Xonar DGX support (bsc#982691).\n- Assign correct ->can_queue value in hv_storvsc (bnc#969391)\n- Delete patches.drivers/nvme-0165-Split-header-file-into-user-visible-and-kernel-.patch. SLE11-SP4 does not have uapi headers so move everything back to the original header (bnc#981231)\n- Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).\n- Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)\n- KVM: x86: fix maintenance of guest/host xcr0 state (bsc#961518).\n- MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n- NFS: Do not attempt to decode missing directory entries (bsc#980931).\n- NFS: avoid deadlocks with loop-back mounted NFS filesystems (bsc#956491).\n- NFS: avoid waiting at all in nfs_release_page when congested (bsc#956491).\n- NFS: fix memory corruption rooted in get_ih_name pointer math (bsc#984107).\n- NFS: reduce access cache shrinker locking (bnc#866130).\n- NFSv4: Ensure that we do not drop a state owner more than once (bsc#979595).\n- NFSv4: OPEN must handle the NFS4ERR_IO return code correctly (bsc#979595).\n- NVMe: Unify controller probe and resume (bsc#979347).\n- RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589).\n- RDMA/cxgb4: Do not hang threads forever waiting on WR replies (bsc#909589).\n- RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589).\n- RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589).\n- RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589).\n- RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589).\n- RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589).\n- RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589).\n- SCSI: Increase REPORT_LUNS timeout (bsc#971989).\n- Update patches.drivers/nvme-0265-fix-max_segments-integer-truncation.patch (bsc#979419). Fix reference.\n- Update patches.fixes/bnx2x-Alloc-4k-fragment-for-each-rx-ring-buffer-elem.patch (bsc#953369 bsc#975358).\n- bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544).\n- cgroups: do not attach task to subsystem if migration failed (bnc#979274).\n- cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274).\n- cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857, bsc#974646).\n- dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671).\n- enic: set netdev->vlan_features (bsc#966245).\n- fcoe: fix reset of fip selection time (bsc#974787).\n- hid-elo: kill not flush the work (bnc#982532).\n- ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits (bsc#967914).\n- ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360).\n- ipv4: fix ineffective source address selection (bsc#980788).\n- ipvs: count pre-established TCP states as active (bsc#970114).\n- iucv: call skb_linearize() when needed (bnc#979915, LTC#141240).\n- kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).\n- mm/hugetlb.c: correct missing private flag clearing (VM Functionality, bnc#971446).\n- mm/hugetlb: fix backport of upstream commit 07443a85ad (VM Functionality, bnc#971446).\n- mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n- mm/vmscan.c: avoid throttling reclaim for loop-back nfsd threads (bsc#956491).\n- mm: Fix DIF failures on ext3 filesystems (bsc#971030).\n- net/qlge: Avoids recursive EEH error (bsc#954847).\n- netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).\n- netfilter: bridge: do not leak skb in error paths (bsc#982544).\n- netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n- nvme: fix max_segments integer truncation (bsc#676471).\n- ocfs2: do not set fs read-only if rec[0] is empty while committing truncate (bnc#971947).\n- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (bnc#971947).\n- ocfs2: extend transaction for ocfs2_remove_rightmost_path() and ocfs2_update_edge_lengths() before to avoid inconsistency between inode and et (bnc#971947).\n- qeth: delete napi struct when removing a qeth device (bnc#979915, LTC#143590).\n- rpm/modprobe-xen.conf: Revert comment change to allow parallel install (bsc#957986). This reverts commit 855c7ce885fd412ce2a25ccc12a46e565c83f235.\n- s390/dasd: prevent incorrect length error under z/VM after PAV changes (bnc#968500, LTC#136670).\n- s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979915, LTC#141456).\n- s390/pci: add extra padding to function measurement block (bnc#968500, LTC#139445).\n- s390/pci: enforce fmb page boundary rule (bnc#968500, LTC#139445).\n- s390/pci: extract software counters from fmb (bnc#968500, LTC#139445).\n- s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626).\n- s390/pci: remove pdev pointer from arch data (bnc#968500, LTC#139444).\n- s390/pci_dma: fix DMA table corruption with > 4 TB main memory (bnc#968500, LTC#139401).\n- s390/pci_dma: handle dma table failures (bnc#968500, LTC#139442).\n- s390/pci_dma: improve debugging of errors during dma map (bnc#968500, LTC#139442).\n- s390/pci_dma: unify label of invalid translation table entries (bnc#968500, LTC#139442).\n- s390/spinlock: avoid yield to non existent cpu (bnc#968500, LTC#141106).\n- s390: fix test_fp_ctl inline assembly contraints (bnc#979915, LTC#143138).\n- sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498).\n- sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498).\n- sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498).\n- veth: do not modify ip_summed (bsc#969149).\n- vgaarb: Add more context to error messages (bsc#976868).\n- virtio_scsi: Implement eh_timed_out callback (bsc#936530).\n- x86, kvm: fix kvm's usage of kernel_fpu_begin/end() (bsc#961518).\n- x86, kvm: use kernel_fpu_begin/end() in kvm_load/put_guest_fpu() (bsc#961518).\n- x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n", title: "Description of the patch", }, { category: "details", text: "slertesp4-linux-kernel-12681", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_1985-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:1985-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20161985-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:1985-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002180.html", }, { category: "self", summary: "SUSE Bug 676471", url: "https://bugzilla.suse.com/676471", }, { category: "self", summary: "SUSE Bug 866130", url: "https://bugzilla.suse.com/866130", }, { category: "self", summary: "SUSE Bug 909589", url: "https://bugzilla.suse.com/909589", }, { category: "self", summary: "SUSE Bug 936530", url: "https://bugzilla.suse.com/936530", }, { category: "self", summary: "SUSE Bug 944309", url: "https://bugzilla.suse.com/944309", }, { category: "self", summary: "SUSE Bug 950998", url: "https://bugzilla.suse.com/950998", }, { category: "self", summary: "SUSE Bug 953369", url: "https://bugzilla.suse.com/953369", }, { category: "self", summary: "SUSE Bug 954847", url: "https://bugzilla.suse.com/954847", }, { category: "self", summary: "SUSE Bug 956491", url: "https://bugzilla.suse.com/956491", }, { category: "self", summary: "SUSE Bug 957986", url: "https://bugzilla.suse.com/957986", }, { category: "self", summary: "SUSE Bug 960857", url: "https://bugzilla.suse.com/960857", }, { category: "self", summary: "SUSE Bug 961518", url: "https://bugzilla.suse.com/961518", }, { category: "self", summary: "SUSE Bug 963762", url: "https://bugzilla.suse.com/963762", }, { category: "self", summary: "SUSE Bug 966245", url: "https://bugzilla.suse.com/966245", }, { category: "self", summary: "SUSE Bug 967914", url: "https://bugzilla.suse.com/967914", }, { category: "self", summary: "SUSE Bug 968500", url: "https://bugzilla.suse.com/968500", }, { category: "self", summary: "SUSE Bug 969149", url: "https://bugzilla.suse.com/969149", }, { category: "self", summary: "SUSE Bug 969391", url: "https://bugzilla.suse.com/969391", }, { category: "self", summary: "SUSE Bug 970114", url: "https://bugzilla.suse.com/970114", }, { category: "self", summary: "SUSE Bug 971030", url: "https://bugzilla.suse.com/971030", }, { category: "self", summary: "SUSE Bug 971126", url: "https://bugzilla.suse.com/971126", }, { category: "self", summary: "SUSE Bug 971360", url: "https://bugzilla.suse.com/971360", }, { category: "self", summary: "SUSE Bug 971446", url: "https://bugzilla.suse.com/971446", }, { category: "self", summary: "SUSE Bug 971944", url: "https://bugzilla.suse.com/971944", }, { category: "self", summary: "SUSE Bug 971947", url: "https://bugzilla.suse.com/971947", }, { category: "self", summary: "SUSE Bug 971989", url: "https://bugzilla.suse.com/971989", }, { category: "self", summary: "SUSE Bug 973378", url: "https://bugzilla.suse.com/973378", }, { category: "self", summary: "SUSE Bug 974620", url: "https://bugzilla.suse.com/974620", }, { category: "self", summary: "SUSE Bug 974646", url: "https://bugzilla.suse.com/974646", }, { category: "self", summary: "SUSE Bug 974787", url: "https://bugzilla.suse.com/974787", }, { category: "self", summary: "SUSE Bug 975358", url: "https://bugzilla.suse.com/975358", }, { category: "self", summary: "SUSE Bug 976739", url: "https://bugzilla.suse.com/976739", }, { category: "self", summary: "SUSE Bug 976868", url: "https://bugzilla.suse.com/976868", }, { category: "self", summary: "SUSE Bug 978401", url: "https://bugzilla.suse.com/978401", }, { category: "self", summary: "SUSE Bug 978821", url: "https://bugzilla.suse.com/978821", }, { category: "self", summary: "SUSE Bug 978822", url: "https://bugzilla.suse.com/978822", }, { category: "self", summary: "SUSE Bug 979213", url: "https://bugzilla.suse.com/979213", }, { category: "self", summary: "SUSE Bug 979274", url: "https://bugzilla.suse.com/979274", }, { category: "self", summary: "SUSE Bug 979347", url: "https://bugzilla.suse.com/979347", }, { category: "self", summary: "SUSE Bug 979419", url: "https://bugzilla.suse.com/979419", }, { category: "self", summary: "SUSE Bug 979548", url: "https://bugzilla.suse.com/979548", }, { category: "self", summary: "SUSE Bug 979595", url: "https://bugzilla.suse.com/979595", }, { category: "self", summary: "SUSE Bug 979867", url: "https://bugzilla.suse.com/979867", }, { category: "self", summary: "SUSE Bug 979879", url: "https://bugzilla.suse.com/979879", }, { category: "self", summary: "SUSE Bug 979915", url: "https://bugzilla.suse.com/979915", }, { category: "self", summary: "SUSE Bug 980246", url: "https://bugzilla.suse.com/980246", }, { category: "self", summary: "SUSE Bug 980371", url: "https://bugzilla.suse.com/980371", }, { category: "self", summary: "SUSE Bug 980725", url: "https://bugzilla.suse.com/980725", }, { category: "self", summary: "SUSE Bug 980788", url: "https://bugzilla.suse.com/980788", }, { category: "self", summary: "SUSE Bug 980931", url: "https://bugzilla.suse.com/980931", }, { category: "self", summary: "SUSE Bug 981231", url: "https://bugzilla.suse.com/981231", }, { category: "self", summary: "SUSE Bug 981267", url: "https://bugzilla.suse.com/981267", }, { category: "self", summary: "SUSE Bug 982532", url: "https://bugzilla.suse.com/982532", }, { category: "self", summary: "SUSE Bug 982544", url: "https://bugzilla.suse.com/982544", }, { category: "self", summary: "SUSE Bug 982691", url: "https://bugzilla.suse.com/982691", }, { category: "self", summary: "SUSE Bug 983143", url: "https://bugzilla.suse.com/983143", }, { category: "self", summary: "SUSE Bug 983213", url: "https://bugzilla.suse.com/983213", }, { category: "self", summary: "SUSE Bug 983721", url: "https://bugzilla.suse.com/983721", }, { category: "self", summary: "SUSE Bug 984107", url: "https://bugzilla.suse.com/984107", }, { category: "self", summary: "SUSE Bug 984755", url: "https://bugzilla.suse.com/984755", }, { category: "self", summary: "SUSE Bug 986362", url: "https://bugzilla.suse.com/986362", }, { category: "self", summary: "SUSE Bug 986572", url: "https://bugzilla.suse.com/986572", }, { category: "self", summary: "SUSE Bug 988498", url: "https://bugzilla.suse.com/988498", }, { category: "self", summary: "SUSE CVE CVE-2015-7833 page", url: "https://www.suse.com/security/cve/CVE-2015-7833/", }, { category: "self", summary: "SUSE CVE CVE-2016-0758 page", url: "https://www.suse.com/security/cve/CVE-2016-0758/", }, { category: "self", summary: "SUSE CVE CVE-2016-1583 page", url: "https://www.suse.com/security/cve/CVE-2016-1583/", }, { category: "self", summary: "SUSE CVE CVE-2016-2053 page", url: "https://www.suse.com/security/cve/CVE-2016-2053/", }, { category: "self", summary: "SUSE CVE CVE-2016-2187 page", url: "https://www.suse.com/security/cve/CVE-2016-2187/", }, { category: "self", summary: "SUSE CVE CVE-2016-3134 page", url: "https://www.suse.com/security/cve/CVE-2016-3134/", }, { category: "self", summary: "SUSE CVE CVE-2016-3707 page", url: "https://www.suse.com/security/cve/CVE-2016-3707/", }, { category: "self", summary: "SUSE CVE CVE-2016-4470 page", url: "https://www.suse.com/security/cve/CVE-2016-4470/", }, { category: "self", summary: "SUSE CVE CVE-2016-4482 page", url: "https://www.suse.com/security/cve/CVE-2016-4482/", }, { category: "self", summary: "SUSE CVE CVE-2016-4485 page", url: "https://www.suse.com/security/cve/CVE-2016-4485/", }, { category: "self", summary: "SUSE CVE CVE-2016-4486 page", url: "https://www.suse.com/security/cve/CVE-2016-4486/", }, { category: "self", summary: "SUSE CVE CVE-2016-4565 page", url: "https://www.suse.com/security/cve/CVE-2016-4565/", }, { category: "self", summary: "SUSE CVE CVE-2016-4569 page", url: "https://www.suse.com/security/cve/CVE-2016-4569/", }, { category: "self", summary: "SUSE CVE CVE-2016-4578 page", url: "https://www.suse.com/security/cve/CVE-2016-4578/", }, { category: "self", summary: "SUSE CVE CVE-2016-4580 page", url: "https://www.suse.com/security/cve/CVE-2016-4580/", }, { category: "self", summary: "SUSE CVE CVE-2016-4805 page", url: "https://www.suse.com/security/cve/CVE-2016-4805/", }, { category: "self", summary: "SUSE CVE CVE-2016-4913 page", url: "https://www.suse.com/security/cve/CVE-2016-4913/", }, { category: "self", summary: "SUSE CVE CVE-2016-4997 page", url: "https://www.suse.com/security/cve/CVE-2016-4997/", }, { category: "self", summary: "SUSE CVE CVE-2016-5244 page", url: "https://www.suse.com/security/cve/CVE-2016-5244/", }, { category: "self", summary: "SUSE CVE CVE-2016-5829 page", url: "https://www.suse.com/security/cve/CVE-2016-5829/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2016-08-08T14:55:45Z", generator: { date: "2016-08-08T14:55:45Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:1985-1", initial_release_date: "2016-08-08T14:55:45Z", revision_history: [ { date: "2016-08-08T14:55:45Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-rt-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt-base-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt-base-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt-devel-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt-devel-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt_trace-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt_trace-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", product_id: "kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-source-rt-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-source-rt-3.0.101.rt130-57.1.x86_64", product_id: "kernel-source-rt-3.0.101.rt130-57.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-3.0.101.rt130-57.1.x86_64", product: { name: "kernel-syms-rt-3.0.101.rt130-57.1.x86_64", product_id: "kernel-syms-rt-3.0.101.rt130-57.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 11 SP4", product: { name: "SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-rt-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-base-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt-base-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt-devel-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt_trace-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-source-rt-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-3.0.101.rt130-57.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", }, product_reference: "kernel-syms-rt-3.0.101.rt130-57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2015-7833", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7833", }, ], notes: [ { category: "general", text: "The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7833", url: "https://www.suse.com/security/cve/CVE-2015-7833", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-7833", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 950998 for CVE-2015-7833", url: "https://bugzilla.suse.com/950998", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2015-7833", }, { cve: "CVE-2016-0758", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0758", }, ], notes: [ { category: "general", text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0758", url: "https://www.suse.com/security/cve/CVE-2016-0758", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-0758", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1072204 for CVE-2016-0758", url: "https://bugzilla.suse.com/1072204", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-0758", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 979867 for CVE-2016-0758", url: "https://bugzilla.suse.com/979867", }, { category: "external", summary: "SUSE Bug 980856 for CVE-2016-0758", url: "https://bugzilla.suse.com/980856", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "important", }, ], title: "CVE-2016-0758", }, { cve: "CVE-2016-1583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-1583", }, ], notes: [ { category: "general", text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-1583", url: "https://www.suse.com/security/cve/CVE-2016-1583", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-1583", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-1583", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 983143 for CVE-2016-1583", url: "https://bugzilla.suse.com/983143", }, { category: "external", summary: "SUSE Bug 983144 for CVE-2016-1583", url: "https://bugzilla.suse.com/983144", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "important", }, ], title: "CVE-2016-1583", }, { cve: "CVE-2016-2053", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2053", }, ], notes: [ { category: "general", text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2053", url: "https://www.suse.com/security/cve/CVE-2016-2053", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2053", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 963762 for CVE-2016-2053", url: "https://bugzilla.suse.com/963762", }, { category: "external", summary: "SUSE Bug 979074 for CVE-2016-2053", url: "https://bugzilla.suse.com/979074", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-2053", }, { cve: "CVE-2016-2187", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-2187", }, ], notes: [ { category: "general", text: "The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-2187", url: "https://www.suse.com/security/cve/CVE-2016-2187", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-2187", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 971919 for CVE-2016-2187", url: "https://bugzilla.suse.com/971919", }, { category: "external", summary: "SUSE Bug 971944 for CVE-2016-2187", url: "https://bugzilla.suse.com/971944", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-2187", }, { cve: "CVE-2016-3134", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3134", }, ], notes: [ { category: "general", text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3134", url: "https://www.suse.com/security/cve/CVE-2016-3134", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-3134", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3134", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3134", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 971126 for CVE-2016-3134", url: "https://bugzilla.suse.com/971126", }, { category: "external", summary: "SUSE Bug 971793 for CVE-2016-3134", url: "https://bugzilla.suse.com/971793", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-3134", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-3134", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-3134", url: "https://bugzilla.suse.com/986377", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-3134", }, { cve: "CVE-2016-3707", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3707", }, ], notes: [ { category: "general", text: "The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3707", url: "https://www.suse.com/security/cve/CVE-2016-3707", }, { category: "external", summary: "SUSE Bug 980246 for CVE-2016-3707", url: "https://bugzilla.suse.com/980246", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "important", }, ], title: "CVE-2016-3707", }, { cve: "CVE-2016-4470", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4470", }, ], notes: [ { category: "general", text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4470", url: "https://www.suse.com/security/cve/CVE-2016-4470", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4470", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 984755 for CVE-2016-4470", url: "https://bugzilla.suse.com/984755", }, { category: "external", summary: "SUSE Bug 984764 for CVE-2016-4470", url: "https://bugzilla.suse.com/984764", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4470", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-4470", }, { cve: "CVE-2016-4482", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4482", }, ], notes: [ { category: "general", text: "The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4482", url: "https://www.suse.com/security/cve/CVE-2016-4482", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4482", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 978401 for CVE-2016-4482", url: "https://bugzilla.suse.com/978401", }, { category: "external", summary: "SUSE Bug 978445 for CVE-2016-4482", url: "https://bugzilla.suse.com/978445", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4482", }, { cve: "CVE-2016-4485", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4485", }, ], notes: [ { category: "general", text: "The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4485", url: "https://www.suse.com/security/cve/CVE-2016-4485", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4485", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 978821 for CVE-2016-4485", url: "https://bugzilla.suse.com/978821", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-4485", }, { cve: "CVE-2016-4486", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4486", }, ], notes: [ { category: "general", text: "The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4486", url: "https://www.suse.com/security/cve/CVE-2016-4486", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4486", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 978822 for CVE-2016-4486", url: "https://bugzilla.suse.com/978822", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4486", }, { cve: "CVE-2016-4565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4565", }, ], notes: [ { category: "general", text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4565", url: "https://www.suse.com/security/cve/CVE-2016-4565", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4565", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979548 for CVE-2016-4565", url: "https://bugzilla.suse.com/979548", }, { category: "external", summary: "SUSE Bug 980363 for CVE-2016-4565", url: "https://bugzilla.suse.com/980363", }, { category: "external", summary: "SUSE Bug 980883 for CVE-2016-4565", url: "https://bugzilla.suse.com/980883", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-4565", }, { cve: "CVE-2016-4569", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4569", }, ], notes: [ { category: "general", text: "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4569", url: "https://www.suse.com/security/cve/CVE-2016-4569", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4569", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 979213 for CVE-2016-4569", url: "https://bugzilla.suse.com/979213", }, { category: "external", summary: "SUSE Bug 979879 for CVE-2016-4569", url: "https://bugzilla.suse.com/979879", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4569", }, { cve: "CVE-2016-4578", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4578", }, ], notes: [ { category: "general", text: "sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4578", url: "https://www.suse.com/security/cve/CVE-2016-4578", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4578", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-4578", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 979879 for CVE-2016-4578", url: "https://bugzilla.suse.com/979879", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4578", }, { cve: "CVE-2016-4580", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4580", }, ], notes: [ { category: "general", text: "The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4580", url: "https://www.suse.com/security/cve/CVE-2016-4580", }, { category: "external", summary: "SUSE Bug 870618 for CVE-2016-4580", url: "https://bugzilla.suse.com/870618", }, { category: "external", summary: "SUSE Bug 981267 for CVE-2016-4580", url: "https://bugzilla.suse.com/981267", }, { category: "external", summary: "SUSE Bug 985132 for CVE-2016-4580", url: "https://bugzilla.suse.com/985132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4580", }, { cve: "CVE-2016-4805", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4805", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4805", url: "https://www.suse.com/security/cve/CVE-2016-4805", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4805", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-4805", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 980371 for CVE-2016-4805", url: "https://bugzilla.suse.com/980371", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "low", }, ], title: "CVE-2016-4805", }, { cve: "CVE-2016-4913", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4913", }, ], notes: [ { category: "general", text: "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4913", url: "https://www.suse.com/security/cve/CVE-2016-4913", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-4913", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 870618 for CVE-2016-4913", url: "https://bugzilla.suse.com/870618", }, { category: "external", summary: "SUSE Bug 980725 for CVE-2016-4913", url: "https://bugzilla.suse.com/980725", }, { category: "external", summary: "SUSE Bug 985132 for CVE-2016-4913", url: "https://bugzilla.suse.com/985132", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-4913", }, { cve: "CVE-2016-4997", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4997", }, ], notes: [ { category: "general", text: "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4997", url: "https://www.suse.com/security/cve/CVE-2016-4997", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4997", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-4997", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-4997", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-4997", url: "https://bugzilla.suse.com/986377", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4997", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "important", }, ], title: "CVE-2016-4997", }, { cve: "CVE-2016-5244", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5244", }, ], notes: [ { category: "general", text: "The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5244", url: "https://www.suse.com/security/cve/CVE-2016-5244", }, { category: "external", summary: "SUSE Bug 983213 for CVE-2016-5244", url: "https://bugzilla.suse.com/983213", }, { category: "external", summary: "SUSE Bug 986225 for CVE-2016-5244", url: "https://bugzilla.suse.com/986225", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-5244", }, { cve: "CVE-2016-5829", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5829", }, ], notes: [ { category: "general", text: "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5829", url: "https://www.suse.com/security/cve/CVE-2016-5829", }, { category: "external", summary: "SUSE Bug 1053919 for CVE-2016-5829", url: "https://bugzilla.suse.com/1053919", }, { category: "external", summary: "SUSE Bug 1054127 for CVE-2016-5829", url: "https://bugzilla.suse.com/1054127", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-5829", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 986572 for CVE-2016-5829", url: "https://bugzilla.suse.com/986572", }, { category: "external", summary: "SUSE Bug 986573 for CVE-2016-5829", url: "https://bugzilla.suse.com/986573", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-5829", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-57.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-57.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-08-08T14:55:45Z", details: "moderate", }, ], title: "CVE-2016-5829", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.